Exclude default SSH credentials check from scan

Hi everyone! I have a fresh OpenVAS 21.04 install, where I would like to exclude the default SSH credentials check from scans.

In the scan config, I have the following settings:

Under Edit Network Vulnerability Test Families (58):

Brute force attacks:   0 of 14
Default Accounts:      0 of 287

Under Network Vulnerability Test Preferences (1108):

Options for Brute Force NVTs    Disable brute force checks:      yes
Options for Brute Force NVTs    Disable default account checks:  yes
IT-Grundschutz: SSH and Telnet BruteForce attack \
       BruteForce Attacke with Default-Usern and -Passwords:     no

Nevertheless, when I run a task with this scan config and log_whole_attack = yes, openvas.log contains:

Launching default_ssh_credentials.nasl (1.3.6.1.4.1.25623.1.0.108013) against <ip>

How can I find out which piece of configuration is still causing this check to be executed?

I know that in this topic the answer was to not weaken your scan, but in this case I would like to do this, because we’re making a “light” scan config that we can run more often.

Thanks for any hints!

Hello rolek, welcome to the Greenbone Community!

We have just identified and fixed an issue regarding this, please check out https://github.com/greenbone/gvmd/pull/1603.

It should then work as you have described.


Hi Martin,

indeed, after rebuilding gvmd with the fix you mentioned, the check is excluded as expected.

Thanks a lot!

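One way to confirm from openvas.log (with log_whole_attack = yes) that an excluded NVT is no longer launched, as an added example that is not part of the thread or of Greenbone's code. Only the "Launching ... against" line format comes from the post; the log prefix, the placeholder script name and the IP addresses are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the "Launching ..." format quoted in the post. Anything before
# "Launching" (timestamp, process prefix) is ignored, since the exact prefix
# is an assumption here.
LAUNCH_RE = re.compile(
    r"Launching (?P<script>\S+) \((?P<oid>\d+(?:\.\d+)+)\) against (?P<host>\S+)"
)


def launched_despite_exclusion(log_lines, excluded_oids=(), excluded_scripts=()):
    """Return {(script, oid): sorted hosts} for launched NVTs that the scan
    config was supposed to exclude."""
    oids = set(excluded_oids)
    scripts = set(excluded_scripts)
    hits = defaultdict(set)
    for line in log_lines:
        m = LAUNCH_RE.search(line)
        if not m:
            continue  # not a launch record
        if m["oid"] in oids or m["script"] in scripts:
            hits[(m["script"], m["oid"])].add(m["host"].rstrip(".,"))
    return {key: sorted(hosts) for key, hosts in hits.items()}


# Constructed sample log: prefix, IPs and the placeholder NVT are made up.
SAMPLE_LOG = """\
sd   main:MESSAGE:2021-01-01 10h00.00 utc:1234: Launching example_placeholder.nasl (1.3.6.1.4.1.25623.1.0.000000) against 192.0.2.10
sd   main:MESSAGE:2021-01-01 10h00.01 utc:1234: Launching default_ssh_credentials.nasl (1.3.6.1.4.1.25623.1.0.108013) against 192.0.2.10
sd   main:MESSAGE:2021-01-01 10h00.02 utc:1234: Finished testing 192.0.2.10
sd   main:MESSAGE:2021-01-01 10h00.03 utc:1235: Launching default_ssh_credentials.nasl (1.3.6.1.4.1.25623.1.0.108013) against 192.0.2.11
""".splitlines()

# OID of the check named in the post.
EXCLUDED = {"1.3.6.1.4.1.25623.1.0.108013"}

if __name__ == "__main__":
    found = launched_despite_exclusion(SAMPLE_LOG, excluded_oids=EXCLUDED)
    for (script, oid), hosts in found.items():
        print(f"still launched: {script} ({oid}) against {', '.join(hosts)}")
    if not found:
        print("no excluded NVT was launched")
```

To use it on a real scan, pass the lines of openvas.log instead of SAMPLE_LOG; an empty result means none of the listed OIDs were launched.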