From: Robert K. <Rob...@br...> - 2001-05-30 08:59:36
|
Had anyone asked the nessus guys about this issues? Greetings Robert Krauss "KMAN" <mai...@ho...> Gesendet von: web...@li... 30.05.2001 05:32 Bitte antworten an webadmin-list An: <web...@li...> Kopie: Thema: Re: security issues after installing webmin > KMAN wrote: > > > > > However, in session authentication mode webmin will return the HTML > > login form > > > to unauthentication requests from nessus, which nessus thinks means > > that the > > > CGI it requested does exist on the webserver and thus the system is > > vulnerable! > > > > > > > Then, can we assume this is a serious flaw on nessus? :-) > > I guess so .. but then again, there isn't really any other way nessus could > do things. > > - Jamie Just curious. If nessus is running the scan using vulnerability data probably out of its database, why can't it check the output using the same database too? This can improve accuracy to a certain extent. (This can be all wrong if my assumption of nessus using the database is incorrect.) -kittiwat - Forwarded by the Webmin mailing list at web...@li... To remove yourself from this list, go to http://lists.sourceforge.net/lists/listinfo/webadmin-list |
From: KMAN <mai...@ho...> - 2001-05-31 03:41:38
|
He He.. you're right. We didn't. -kittiwat ----- Original Message ----- From: "Robert Krauss" <Rob...@br...> To: <web...@li...> Sent: Wednesday, May 30, 2001 3:41 PM Subject: Antwort: Re: security issues after installing webmin > Had anyone asked the nessus guys about this issues? > > Greetings > Robert Krauss > |