Plaintext Authentication

Caution: Tenable does not recommend plaintext credentials. Instead, use encrypted authentication methods when possible.

If a secure method of performing credentialed checks is not available, you can configure Tenable Security Center to perform checks over unsecure protocols using plaintext authentication settings.

Tenable Security Center supports the following plaintext authentication methods:

You can configure plaintext authentication options in scan policies. The Authentication tab specifies authentication options during a scan; see also Add a Scan Policy.

telnet/rsh/rexec

Tenable Security Center performs patch auditing on non-Windows targets only.

Setting Description Default
Username (Required) The username for the telnet, rsh, or rexec account that Tenable Security Center uses to perform checks on the target system. -

Password (Unsafe!) (Required) The password for the telnet, rsh, or rexec user. -

NNTP

Setting Description Default
Username (Required) The username for the NNTP account that Tenable Security Center uses to perform checks on the target system. -
Password (Required) The password for the NNTP user. -

FTP

Setting Description Default
Username (Required) The username for the FTP account that Tenable Security Center uses to perform checks on the target system. -
Password (Required) The password for the FTP user. -

POP2

Setting Description Default
Username (Required) The username for the POP2 account that Tenable Security Center uses to perform checks on the target system. -
Password (Required) The password for the POP2 user. -

POP3

Setting Description Default
Username (Required) The username for the POP3 account that Tenable Security Center uses to perform checks on the target system. -
Password (Required) The password for the POP3 user. -

IMAP

Setting Description Default
Username (Required) The username for the IMAP account that Tenable Security Center uses to perform checks on the target system. -
Password (Required) The password for the IMAP user. -

IPMI

Setting Description Default
Username (Required) The username for the IPMI account that Tenable Security Center uses to perform checks on the target system. -
Password (Sent in Clear) (Required) The password for the IPMI user. -

HTTP

Setting Description Default

Authentication Method

(Required) The authentication method.

  • Automatic authentication
  • Basic/Digest authentication
  • HTTP login form: Controls the start location of authenticated testing of a custom web-based application.
  • HTTP cookies import: Tenable Security Center uses cookies imported from another piece of software (such as a web browser or web proxy) to facilitate web application testing by using them when attempting to access a web application.
HTTP Login Form
Username (Required) The username for the HTTP account that Tenable Security Center uses to perform checks on the target system.
Password (Required) The password for the HTTP user.

Login page

(Required) The absolute path to the application login page. For example, /login.html.

Login submission page

(Required) The action parameter for the form method. For example, for <form method="POST" name="auth_form" action="/login.php">, use /login.php.

Login parameters

(Required) The authentication parameters (for example, login=%USER%&password=%PASS%).

Tenable Security Center replaces the %USER% and %PASS% keywords with values supplied on the Login configurations drop-down menu.

Tip: If needed, you can provide additional parameters, such as a group name or other information required for authentication.

Check authentication on page

(Required) The absolute path of a protected web page that requires authentication. For example, /admin.html.

Regex to verify successful authentication

(Required) The regex pattern you want Tenable Security Center to look for on the login page to validate authentication.

Tip: Tenable Security Center can attempt to match a given string, such as Authentication successful.

Cookies file

(Required) A cookie file in Netscape cookies.txt format.
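
The HTTP Login Form settings above can be sanity-checked before they go into a scan policy. The following is an added example, not Tenable code: the dictionary keys, the sample response bodies, and the URL-encoding of substituted values are assumptions made for illustration.

```python
import re
from urllib.parse import quote_plus

# Constructed sample values; the keys are this example's names for the settings above.
SETTINGS = {
    "login_page": "/login.html",
    "login_submission_page": "/login.php",
    "login_parameters": "login=%USER%&password=%PASS%",
    "check_auth_page": "/admin.html",
    "success_regex": r"Authentication successful",
}
# Constructed response bodies: one fetched with a valid session, one without.
AUTHED = "<html><h1>Admin</h1><p>Authentication successful</p></html>"
UNAUTHED = '<html><form method="POST" action="/login.php">Please log in</form></html>'

def render_login_body(template, username, password):
    """Fill %USER% and %PASS%. URL-encoding the values is an assumption of this
    example so that '&' or '=' in a password cannot split the parameter string."""
    return (template.replace("%USER%", quote_plus(username))
                    .replace("%PASS%", quote_plus(password)))

def lint_settings(s, authed_body, unauthed_body):
    """Return a list of problems; an empty list means the settings are consistent."""
    problems = []
    for key in ("login_page", "login_submission_page", "check_auth_page"):
        if not s[key].startswith("/"):
            problems.append(f"{key}: not an absolute path")
    for keyword in ("%USER%", "%PASS%"):
        if keyword not in s["login_parameters"]:
            problems.append(f"login_parameters: missing {keyword}")
    try:
        rx = re.compile(s["success_regex"])
    except re.error as exc:
        return problems + [f"success_regex: does not compile ({exc})"]
    if not rx.search(authed_body):
        problems.append("success_regex: no match on the authenticated response")
    if rx.search(unauthed_body):
        # A pattern that also matches the logged-out page reports success on failed logins.
        problems.append("success_regex: also matches the unauthenticated response")
    return problems

if __name__ == "__main__":
    print(render_login_body(SETTINGS["login_parameters"], "scan user", "p&ss=1"))
    print(lint_settings(SETTINGS, AUTHED, UNAUTHED) or "settings look consistent")
```

A verification pattern that matches both the authenticated and the unauthenticated response is the case to watch for, because a scan would then record a failed login as successful and report unauthenticated results as credentialed ones.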