Windows Audit Failure events show failed login attempts for many 'Default' usernames

I’ve run a Fast and full scan then checked in the security event log and it shows alot (Approx 1500 events) of failed login attempts from the Openvas machine.
The user accounts seem to be known default type usernames like admin, manager, etc.
Is this normal as I cant find any documentation around this.
Thanks in advance.

Hi,

you can find the relevant documentation here:

snip

  • Scans may result in user accounts being locked due to the testing of default username/password combinations.

https://docs.greenbone.net/GSM-Manual/gos-4/en/read_before_use.html

2 Likes