OpenVAS 9 gsad Crashes when saving Scan config with HTTP login Credentials

Archive Greenbone Community Edition
1

Hello,

I have installed openVas 9 on Ubunto 18.04 and I can run regular scans Ok.
The problem is when I am trying to configure a scan that will login to our web application in order to find vulnerabilities accessible by logged users. I have cloned the “Full and Fast” scan and changed the Login configuration setting page.
OID: 1.3.6.1.4.1.25623.1.0.10870
Family: Settings
update the fileds
HTTP account :
HTTP password (sent in clear) :

Once I click on the save button I get unknown error message and gsad process crashes on the server.

What is going wrong? can you please advice?

Thanks,
Dan Bar-Or
Verbit

2

Can you please try it with the GCE,

if it works with the GCE please contact the Ubuntu packet maintainer and report it there. We can´t help you with any 3rd party packet.

3

Would be nice to get the backtrace of gsad.

4

I have installed and run the CGE version on VirtualBox and I still get the same behaviour. Once I configure the username and password in settings -> Login Configuration (1.3.6.1.4.1.25623.1.0.10870) and hit save I get thrown by the application and it says session expired.
Is there a way to configure GSA so it will actually login to a Web app that is trying to scan?

thanks,
Dan Bar-Or
Verbit

5

We’ve raised an issue for our developers to look into this.

Until it is fixed, here is a workaround:
Check all the boxes for ‘Replace existing value’ (even those where there is no contents in the edit box) before clicking on ‘Save’. This way the settings will be saved and gsad will not crash.

3 Likes
6

A fix seems to have arrived in the source repo with the PR below which should fix this and which is included in the next release of the GSA.

3 Likes