Michael Scheidell wrote: > > in the 'login configuration' add in an administrator username and password > (note, this is sent in plain text, so create a temp one)
YIKES! Does this depend upon the test being performed or the negotiated authentication protocol (LM, NTLM, NTLMv2, HTTP basic, etc.)? Is there a way to prevent exposure by configuring the scanner only to attempt authentication to clients supporting a certain level of authentication protection? -- Gary Flynn Security Engineer - Technical Services James Madison University Please R.U.N.S.A.F.E. http://www.jmu.edu/computing/runsafe
