Hey, when looking at bash_history we can see cleartext username and password used for ssh. Is there a way to disable this or send it in encrypted format.
Additionally is the same password used for priv escalation ? If yes can we disable this ?
Can you please specify what password you mean and for what connection ?
For authenticated VTs ?
On our appliance we do encrypt all passwords / keys with GPG. Additionally you can use key based authentication to avoid any passwords.
32 /bin/sh
33 /bin/sh -c ‘LANG=C; LC_ALL=C; echo “login test”’
34 /bin/sh -c ‘LANG=C; LC_ALL=C; uname -a’
35 cmxctl version
36 /bin/sh -c ‘LANG=C; LC_ALL=C; getserverinfo’
37 Administrator
** 38 admin**
39 show sysinfo
40 show inventory
41 sudoedit -s ‘’ perl -e 'print "A" x 65536'
In the above condition Administrator and admin are my ubuntu credentials. Additionally I hardcoded the username and password on the ssh_authorization_init.nasl
ssh_login_name = “Administrator”;
ssh_password = “admin”;
Side note I see the same with greenbone gui interface
Sorry but modified VTs are not supported at all. Why don´t you use a public/private key to avoid that ?