Hi everyone,
I need some assistance with performing authenticated scans on a system that has two-factor authentication (2FA) enabled. Here’s a bit more detail about my situation:
- System Details: The target system is running Linux.
- Authentication Method: The system requires 2FA for login, which involves the typical username and password as a first ffactor and FIDO U2F as a secoound factor.
Challenges:
- Since 2FA requires a second form of authentication after the initial password, I am unsure how to automate the scan without manual intervention for each login attempt.
- Greenbone currently supports username and password for authentication but does not natively support 2FA.
Questions:
- Is there a way to bypass or integrate 2FA into the scanning process to allow for automated authenticated scans?
- Are there any specific tools or plugins that can handle 2FA while performing scans?
- Has anyone else faced similar issues, and how did you overcome them?
Any guidance, suggestions, best practices or solutions would be very much appreciated. Thank you!