I have installed openVas 9 on Ubunto 18.04 and I can run regular scans Ok.
The problem is when I am trying to configure a scan that will login to our web application in order to find vulnerabilities accessible by logged users. I have cloned the “Full and Fast” scan and changed the Login configuration setting page.
OID: 1.3.6.1.4.1.25623.1.0.10870
Family: Settings
update the fileds
HTTP account :
HTTP password (sent in clear) :
Once I click on the save button I get unknown error message and gsad process crashes on the server.
I have installed and run the CGE version on VirtualBox and I still get the same behaviour. Once I configure the username and password in settings -> Login Configuration (1.3.6.1.4.1.25623.1.0.10870) and hit save I get thrown by the application and it says session expired.
Is there a way to configure GSA so it will actually login to a Web app that is trying to scan?
We’ve raised an issue for our developers to look into this.
Until it is fixed, here is a workaround:
Check all the boxes for ‘Replace existing value’ (even those where there is no contents in the edit box) before clicking on ‘Save’. This way the settings will be saved and gsad will not crash.