Which NVT is causing Vmware ESXi to lock Login

Hello,

i have the problem that some kind of NVT runs default username/password combinations against our ESXi Servers https login page (i think so, ssh is disabled).
This would be OK but after several failed trys the ESX Server locks the login for all users, which is the reason i want to disable this NVT.

i already run some tests where i disabled the whole “Default Accounts” “VMware” and “Brute force attacks” NVT family. but the issue still occurs. can someone point me to the NVT which causes this behaviour ?

we are using this docker repo:
https://hub.docker.com/r/mikesplain/openvas/

Thanks in advance.

Hi,

you can set the log_whole_attack setting in your openvassd.conf (location depends on your installation) to yes to get a logging of each launched VT and its launch time into your openvassd.messages (GVM-9) or openvassd.log (GVM-10+) (location for both depends on your installation as well).

For a description of this setting see man openvassd or:

https://github.com/greenbone/openvas-scanner/blob/openvas-scanner-5.1/doc/openvassd.8.in#L78-L79

1 Like

Hi,
I have the problem also to find the NVT that causes this lock out. Did you find a solution at that time?

Try to remove
Mark host as dead if going offline (failed ICMP ping) during scan - Phase 5 and
Mark host as dead if going offline (failed ICMP ping) during scan - Phase 6