Incorrect Nessus scan reports -- remote web servers affected by authentication bypass vulnerability
Article ID: 316416
Products
VMware vCenter Server, VMware vSphere ESXi
Issue/Introduction
Symptoms: When a Nessus scan is performed on a remote ESXi or vCenter Server host, the scan reports authentication bypass vulnerabilities. Nessus incorrectly identifies ESXi as Xerver and reports that protected web directories can be accessed without authentication by preceding the directory with an extra / (forward slash) character if the directory is not recursively protected.
This issue is considered a false positive because the Nessus "Report Paranoia" plugin setting was set, by default during installation, to the option that produces more false positives.
Resolution
The Nessus scan incorrectly reports an authentication bypass vulnerability. You can ignore this result. For details, contact Nessus and reference ID e68402fd.