I hope this is an appropriate place and question…
I started using OPENVAS on Kali Linux with the Greenbone interface.
I set up a full set up targets to align with Very Deep Ultimate scans.
and
I set up a smaller set of targets to align with Very Deep scans.
Then I correlated the scan results.
In one case, one host, the Very Deep scan shows a minor vulnerability while the Very Deep Ultimate does not show it. This one host is a target on both scans.
How can I explain that?
Without naming the “minor vulnerability” it is hard to tell.
The easiest explanation could be that the VT is doing a version check in the “Very Deep” scan config but an active check in the “Very Deep Ultimate” scan config.
1 Like
Please be aware “ultimate” scans can crash services and hosts 
So this might be the case here.
Thanks for the insights!
It was:
Medium (CVSS: 4.8)
NVT: Cleartext Transmission of Sensitive Information via HTTP
And, it appears that the Ultimate scan completed normally - but how to tell for sure?
It does seem that the vulnerabilites found aren’t of the type that would allow the remote host to shut down.
There is no difference in the “Very Deep” and “Very Deep Ultimate” scan configs which affects the results
of the mentioned “Cleartext Transmission of Sensitive Information via HTTP” so i’m moving this out of the
“Vulnerability Tests” category.
The seen differences are most likely due to e.g. Network Equipment or Firewall, IDS/IPS or similar systems which might jump in / having problems earlier affecting the collection of the data required for the mentioned VT.
Thank you!
1 Like