Plaintext Authentication
Caution: Using plaintext credentials is not recommended. Use encrypted authentication methods when possible.
If a secure method of performing credentialed checks is not available, you can configure Tenable Vulnerability Management to perform checks over unsecure protocols using the Plaintext Authentication settings.
FTP
| Setting | Default Value | Description | Required? |
|---|---|---|---|
| Username | – | Login user’s name. | yes |
| Password | – | Password of the user specified. | yes |
HTTP
| Setting | Default |
Description |
Required |
|---|---|---|---|
| Authentication method | HTTP Login Form |
The authentication method. Supported values are:
|
yes |
| Method: Automatic Authentication | |||
| Username | – | Login user's name. | yes |
| Password | – | Password of the user specified. | yes |
| Method: Basic/Digest authentication | |||
| Username | – | Login user's name. | yes |
| Password | – | Password of the user specified. | yes |
| Method: HTTP login form | |||
|
Username |
– |
Login user’s name. |
yes |
|
Password |
– |
Password of the user specified. |
yes |
|
Login page |
– |
The absolute path to the login page of the application, e.g., /login.html. |
yes |
|
Login submission page |
– |
The action parameter for the form method. For example, the login form for <form method="POST" name="auth_form" action="/login.php"> would be /login.php. |
yes |
|
Login parameters |
– |
Specify the authentication parameters (e.g., login=%USER%&password=%PASS%). If the keywords %USER% and %PASS% are used, the keywords will be substituted with values supplied on the Login configurations drop-down menu. This field can be used to provide more than two parameters if required (e.g., a group name or some other piece of information is required for the authentication process). |
yes |
|
Check authentication on page |
– |
The absolute path of a protected web page that requires authentication, to better assist Tenable Vulnerability Management in determining authentication status, e.g., /admin.html. |
yes |
|
Regex to verify successful authentication |
– |
A regex pattern to look for on the login page. Simply receiving a 200 response code is not always sufficient to determine session state. Tenable Vulnerability Management can attempt to match a given string such as Authentication successful! |
yes |
| Method: HTTP cookies import | |||
| Cookies file | – |
Upload a cookie file. The file must be in Netscape format. |
yes |
| All methods: Scan-wide Credential Type Settings | |||
|
Login method |
POST |
Specify if the login action is performed via a GET or POST request. |
yes |
|
Re-authenticate delay (seconds) |
0 |
The time delay between authentication attempts. Setting a time delay is useful to avoid triggering brute force lockout mechanisms. |
yes |
|
Follow 30x redirections |
0 |
If a 30x redirect code is received from a web server, this setting directs Tenable Vulnerability Management to follow the link provided or not. |
yes |
|
Invert authenticated regex |
Disabled |
A regex pattern to look for on the login page, that if found, tells Tenable Vulnerability Management that authentication was not successful (e.g., Authentication failed!). |
no |
|
Use authenticated regex on HTTP headers |
Disabled |
Rather than search the body of a response, Tenable Vulnerability Management can search the HTTP response headers for a given regex pattern to better determine authentication state. |
no |
|
Case insensitive authenticated regex |
Disabled |
The regex searches are case sensitive by default. This instructs Tenable Vulnerability Management to ignore case. |
no |
IMAP
| Setting | Default Value | Description | Required? |
|---|---|---|---|
| Username | – | Login user’s name. | yes |
| Password | – | Password of the user specified. | yes |
IPMI
| Setting | Default Value | Description | Required? |
|---|---|---|---|
| Username | – | Login user’s name. | yes |
| Password | – | Password of the user specified. | yes |
NNTP
| Setting | Default Value | Description | Required? |
|---|---|---|---|
| Username | – | Login user’s name. | yes |
| Password | – | Password of the user specified. | yes |
POP2
| Setting | Default Value | Description | Required? |
|---|---|---|---|
| Username | – | Login user’s name. | yes |
| Password | – | Password of the user specified. | yes |
POP3
| Setting | Default Value | Description | Required? |
|---|---|---|---|
| Username | – | Login user’s name. | yes |
| Password | – | Password of the user specified. | yes |
SNMPv1/v2c
SNMPv1/v2c configuration allows you to use community strings for authentication to network devices. You can configure up to four SNMP community strings.
| Setting | Default Value | Description | Required |
|---|---|---|---|
| Community string | public | The community string Tenable Vulnerability Management uses to authenticate on the host device. | yes |
| Scan-wide Credential Type Settings | |||
|
UDP Port |
161 | Ports where Tenable Vulnerability Management attempts to authenticate on the host device. | no |
| Additional UDP port #1 | 161 | no | |
| Additional UDP port #2 | 161 | no | |
| Additional UDP port #3 | 161 | no | |
telnet/rsh/rexec
Tenable Vulnerability Management performs patch auditing on non-Windows targets only.
| Setting | Default Value | Description | Required |
|---|---|---|---|
| Username | – | Login user's name. | yes |
| Password | – | Password of the user specified. | yes |
| Scan-wide Credential Type Settings | |||
| Perform patch audits over telnet | Disabled | Tenable Vulnerability Management uses telnet to connect to the host device for patch audits. | no |
| Perform patch audits over rsh | Disabled | Tenable Vulnerability Management uses rsh to connect to the host device for patch audits. | no |
| Perform patch audits over rexec | Disabled | Tenable Vulnerability Management uses rexec to connect to the host device for patch audits. | no |