[Full-Disclosure] Nessus stores credentials in plain text

From: Kevin Davis (computerguy_at_cfl.rr.com)
Date: 03/27/04

    To: <full-disclosure@lists.netsys.com>
    Date: Sat, 27 Mar 2004 00:01:42 -0500
    
    I have posted this issue to a couple of entities like bugtraq and CERT with no response. I mentioned this issue to an organization today which was considering using Nessus as a vulnerability scanner to assess their network security issues, and this was in violation of their security policy, so they are reconsidering using it. Please read below...

    Software Vendor: Nessus (www.nessus.org)
    Software Package: Nessus
    Versions Affected: 2.0.10a (possibly others)
    Synopsis: Username and password for various accounts stored in unencrypted plain text

    Issue Date: Feb 22, 2004

    Vendor Response: Vendor notified December 4, 2003
       Vendor declined to resolve issue

    ================================================================================

    1. Summary

    The open source Nessus Vulnerability scanner stores the credentials of
    various types of accounts in unencrypted plain text in a configuration file.

    2. Problem Description

    The .nessusrc file stores username and password information for various types
    of accounts in unencrypted plain text. Those parameters are typically set from
    the native Nessus client but can also be added manually. When setting these parameters
    from the Nessus client, the user is also not informed that this sensitive information
    is being stored insecurely. This potentially affects the following types of accounts:

    FTP
    IMAP
    POP2
    POP3
    NNTP
    SNMP
    SMB (Windows NT Domain)

    3. Solution

    None at this time. A lengthy discussion with the vendor resulted in the vendor's
    decision that this was not a security risk that warrants resolution.

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html
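An added defender-side check, not part of the advisory and not Nessus code: it flags non-empty credential entries in a .nessusrc-style file for the account types the advisory lists, and tests whether the file mode exposes them to other local users. The "key = value" layout, the key names and the sample file are assumptions constructed for this example.

```python
import re
from typing import List, Tuple

# Account types the advisory says are stored in .nessusrc
ACCOUNT_TYPES = ("FTP", "IMAP", "POP2", "POP3", "NNTP", "SNMP", "SMB")

# Key fragments that mark a secret. These are an assumption for the
# example, not the client's real key names; adjust to the installed format.
SECRET_KEY_RE = re.compile(r"password|passwd|community", re.IGNORECASE)


def find_plaintext_credentials(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_no, key, account_type) for each non-empty secret value.

    Lines are assumed to be 'key = value'; comments and blanks are skipped,
    and an empty value means no credential is stored, so it is not reported.
    """
    findings = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if not value or not SECRET_KEY_RE.search(key):
            continue
        acct = next((a for a in ACCOUNT_TYPES if a.lower() in key.lower()), "other")
        findings.append((n, key, acct))
    return findings


def is_readable_by_others(mode: int) -> bool:
    """True if a file mode grants group or world read (0o040 or 0o004)."""
    return bool(mode & 0o044)


# Constructed sample in the assumed 'key = value' layout; not a real .nessusrc
SAMPLE_RC = """\
# constructed example
FTP account = anonymous
FTP password = s3cret
SNMP community name = public
POP3 password =
SMB domain (optional) = CORP
SMB password = Winter2004
"""

if __name__ == "__main__":
    import os
    for n, key, acct in find_plaintext_credentials(SAMPLE_RC):
        print(f"line {n}: {acct} credential stored in clear under '{key}'")
    rc = os.path.expanduser("~/.nessusrc")
    if os.path.exists(rc) and is_readable_by_others(os.stat(rc).st_mode):
        print(f"{rc} is readable by group or others; tighten to 0600")
```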

