----- Original Message ----- From: "Gary Flynn" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, April 17, 2002 2:40 PM Subject: Re: Newbie: NT Administrator Rights for Scans
> Michael Scheidell wrote: > > > > in the 'login configuration' add in an administrator username and password > > (note, this is sent in plain text, so create a temp one) > > YIKES! Does this depend upon the test being performed or the > negotiated authentication protocol (LM, NTLM, NTLMv2, HTTP > basic, etc.)? Is there a way to prevent exposure by configuring > the scanner only to attempt authentication to clients supporting > a certain level of authentication protection? no. nessus is using raw smb_ calls (you can see (and edit them if you like) in smb_nt.inc. > > -- > Gary Flynn > Security Engineer - Technical Services > James Madison University > > Please R.U.N.S.A.F.E. > http://www.jmu.edu/computing/runsafe >
