Hello, I discovered that a developer of mine has left a management console in all his Tomcat environments for all the world to see (and use), with the default credentials. How did I find out? Just one of the hosts in my list was detected during my last scan. I became suspicious and did a manual scan of all his environments, and 99% of 'em had that issue. But just one host got it detected. How come? How can I have all of them detected? I'm using an AWS server as the OpenVAS server. Thanks
I didn't report my scan options because I have the OpenVAS server off right now. I don't think it's relevant, anyway. I usually "consider hosts alive" and use the default fast and accurate scan. And one host is correctly detected.