User accounts get locked out during a scan with Control Compliance Suite Vulnerability Manager (CCS VM) 12.x

book

Article ID: 170724

calendar_today

Updated On:

Products

Control Compliance Suite Vulnerability Manager

Issue/Introduction

Running a scan against a machine and during the scan an account on the endpoint gets locked out.

 

Cause

Enabling any of these options for a scan may cause account lockouts to occur:

  • Account password reverse of account
  • Account password same as the account
  • Account with no password
  • Enumerate username

Testing for these simulates the same behvior as a brute force attack due to the repeated login attempts. In an enviormment with a failed authentication limit, this may trigger a lockout event.

Environment

CCS VM version 12.x

Resolution

You may unselect these options during a scan to prevent lockouts.