Credentials for local security checks are required to allow NVTs to log into target systems, e.g., for locally checking the presence of all vendor security patches.
An authenticated scan can provide more vulnerability details on the scanned system. The scan requires the prior setup of user credentials. These credentials are used to authenticate to different services on the target system. In some circumstances, the results could be limited by the permissions of the users used.
All existing credentials can be displayed by clicking on the Credentials tab.
For all credentials, the following information is displayed:
Name: Name of the credential
Type: Chosen credential type.
Allow insecure use: Indication whether the GSM can use the credential for unencrypted or otherwise insecure authentication methods.
Login: The user name for the credential if a credential type that requires a user name is chosen.
For all credentials, the following actions are available:
- Delete the credential. Only credentials, which are currently not used, can be deleted.
- Edit the credential.
- Target using the credential
Click on the Name of a credential to display the details of the credential.
Creating a Credential
A new credential can be created as follows:
Click on New credential and configure the next parameters:
Name: Definition of the Name. The Name can be chosen freely.
Comment: An optional comment can contain additional information
Allow insecure use: Select whether UTMStack can use the credential for unencrypted or otherwise insecure authentication methods.
Username: Definition of the login name used to authenticate on the scanned target system.
Password: Definition of the password used to authenticate on the scanned target system.