From: Jamie C. <jca...@we...> - 2001-05-28 23:43:25

Bryan Dumm wrote:
>
> > If they still bother you, try this .. go into Webmin Configuration ->
> > Authentication and turn off session authentication mode. Then re-login to
> > webmin and run nessus again .. I bet it will no longer report any of the
> > 'vulnerabilities'.
> >
> > - Jamie
>
> Why so? Just curious, on why session authentication mode causes
> nessus to go whacky. :)

The reason is that when using 'traditional' HTTP authentication, webmin will
return a 404 (not authenticated) error to every test request that nessus
makes, because of course it doesn't know the webmin password. However, in
session authentication mode webmin will return the HTML login form to
unauthenticated requests from nessus, which nessus thinks means that the CGI
it requested does exist on the webserver and thus the system is vulnerable!

- Jamie
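
The false positive described in the message above can be triaged by comparing each scanner probe with the response for a path that cannot exist. This is an added example, not part of the original post and not Webmin or Nessus code. The login form markup, the paths, the 200 status for the form and the names `Response`, `normalize`, `triage` and `login_form` are all constructed assumptions.

```python
import difflib
from typing import NamedTuple

class Response(NamedTuple):
    path: str    # path the scanner requested
    status: int  # HTTP status code returned
    body: str    # response body

def normalize(resp: Response) -> str:
    """Mask the echoed request path and collapse whitespace so two copies of
    the same catch-all page compare as equal."""
    return " ".join(resp.body.replace(resp.path, "{PATH}").split())

def triage(probe: Response, baseline: Response, threshold: float = 0.9) -> str:
    """Compare a scanner probe with the response for a path that cannot exist."""
    if probe.status in (401, 403, 404):
        return "rejected"    # server refused outright, nothing to report
    ratio = difflib.SequenceMatcher(
        None, normalize(probe), normalize(baseline), autojunk=False).ratio()
    if probe.status == baseline.status and ratio >= threshold:
        return "catch-all"   # same page as for a bogus path: false positive
    return "distinct"        # differs from the baseline: review by hand

def login_form(path: str) -> Response:
    """Constructed login page (not Webmin's real markup); 200 is an assumption."""
    html = f"""<html><body><form action="/login" method="post">
      <input type="hidden" name="page" value="{path}">
      Username <input name="user"> Password <input name="pass" type="password">
      <input type="submit" value="Login"></form></body></html>"""
    return Response(path, 200, html)

# Constructed sample responses, one per case discussed in the message.
BASELINE = login_form("/no-such-file-7d1c.cgi")       # bogus path, session mode
SESSION_PROBE = login_form("/cgi-bin/example.cgi")    # scanner probe, session mode
HTTP_AUTH_PROBE = Response("/cgi-bin/example.cgi", 401, "Unauthorized")
REAL_PAGE = Response("/cgi-bin/example.cgi", 200,
                     "<html><body><h1>Example CGI output</h1></body></html>")

if __name__ == "__main__":
    for name, probe in [("session mode", SESSION_PROBE),
                        ("HTTP auth", HTTP_AUTH_PROBE),
                        ("real page", REAL_PAGE)]:
        print(f"{name}: {triage(probe, BASELINE)}")
```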