If you decide to build your own GSE-based setup of GVM, or to use a “3rd-party integration” or an “uncoordinated integration”, we strongly recommend auditing some of its security aspects.
We have noticed, and have been notified about, several offerings of such integrations in which some fundamental security basics are not correctly implemented out of the box, for example default passwords for internet-reachable services or the use of weak SSL/TLS ciphers.
The easiest way to audit the GVM setup is to scan it with GVM. It will identify several of the standard mistakes. Make sure the scan covers all service ports, since some integrations use uncommon ports. List the listening ports of your installation with netstat or a similar command and verify that your port list is complete.
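The port check described above, as an added example that is not part of the original post or Greenbone's own tooling: a shell function that reads `netstat -tln` (or `ss -tln`) output and prints the listening TCP ports missing from a port list written in GVM's `T:...,U:...` range syntax. The function name, the sample output and the port list are constructed for illustration.

```shell
#!/bin/sh
# Added example: list listening TCP ports that a GVM port list does not cover.

# Constructed sample of `netstat -tan` output (not from a real host).
SAMPLE_NETSTAT='Proto Recv-Q Send-Q Local Address     Foreign Address   State
tcp        0      0 0.0.0.0:22        0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:18443     0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:5432    0.0.0.0:*         LISTEN
tcp6       0      0 :::9392           :::*              LISTEN
tcp6       0      0 :::18443          :::*              LISTEN
tcp        0      0 10.0.0.5:22       10.0.0.9:51514    ESTABLISHED'

# uncovered_ports PORTLIST
#   stdin:  output of netstat -tln or ss -tln
#   stdout: listening TCP ports outside PORTLIST, one per line, ascending
uncovered_ports() {
    awk -v list="$1" '
    BEGIN {
        # Parse "T:22,80,9390-9392,U:161" into TCP ranges lo[i]..hi[i].
        # Assumption: entries before the first T:/U: prefix count as TCP.
        proto = "T"
        n = split(list, tok, ",")
        for (i = 1; i <= n; i++) {
            t = tok[i]
            gsub(/[ \t]/, "", t)
            if (t ~ /^[TU]:/) { proto = substr(t, 1, 1); t = substr(t, 3) }
            if (proto != "T" || t == "") continue
            m = split(t, r, "-")
            lo[++k] = r[1] + 0
            hi[k] = (m > 1 ? r[2] : r[1]) + 0
        }
    }
    # netstat rows start with tcp/tcp6 and have LISTEN in column 6;
    # ss rows start with LISTEN. The local address is column 4 in both.
    ($1 ~ /^tcp/ && $6 == "LISTEN") || $1 == "LISTEN" {
        port = $4
        sub(/.*:/, "", port)          # keep the text after the last colon
        if (port !~ /^[0-9]+$/ || seen[port]++) next
        covered = 0
        for (i = 1; i <= k; i++)
            if (port + 0 >= lo[i] && port + 0 <= hi[i]) covered = 1
        if (!covered) print port
    }' | sort -n
}

# Demo on the constructed sample: prints 5432 and 18443.
printf '%s\n' "$SAMPLE_NETSTAT" | uncovered_ports 'T:22,80,443,9390-9392,U:161'
```

On a live host, pipe the real command into the function instead, for example `netstat -tln | uncovered_ports "$PORTLIST"`, and add every port it prints to the port list of the scan target before scanning.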
If you can’t fix the security violations yourself, please consider the Greenbone Community Edition (GCE) or a commercial product of the Greenbone Security Manager (GSM) appliance family.
It makes absolutely no sense to file a CVE or other alerts about an insecure integration of the Greenbone Source Edition.
The source edition does not create default passwords and it does not ship static SSL/TLS certificates or weak ciphers. If you want to complain about it, please contact the creators of the integration. Do not blame GVM or Greenbone for it - our solutions and products implement all security best practices.