• Vulnerability scan Report of Elastic Beanstalk (aws) having OpenSSH version as 7.8 using Qualys shows “OpenSSH Username Enumeration Vulnerability”

    While doing vulnerability scan of an Elastic Beanstalk (aws) having OpenSSH version as 7.8 using Qualys , scan report shows “OpenSSH Username Enumeration Vulnerability” as shown in the screenshot below: S...
    Bridgei2i Analytics
    last modified by Bridgei2i Analytics
  • Improving Vulnerability Remediation Through Better Exploit Prediction

    Found interesting information in the following doc:   https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_53.pdf
    created by marioc
  • Generate report with Local Username

    I am trying to run a report that will give me the local usernames of the host that have the QID 105236 vulnerability.  I have run an asset report but I could not figure out how to get the report to tell me local ...
    Russ Schneider
    created by Russ Schneider
  • User account password expiration exclusion

    Currently the user account password policy is subscription-wide and no account may be excluded from them. I along with others have presented API and reporting scenarios to justify excluding certain accounts from pas...
    last modified by apedret
  • SambaCry Inquiries from Qualys customers: CVE-2017-7494

    Based on a client inquiry, the vulnerability management product team confirmed that no Samba code is installed on any physical, virtual, internal or perimeter scanners. The scanner OS (CentOS based) does not have any ...
    Mark Butler
    last modified by Mark Butler
  • FreeBSD Stackclash

    QID 370433 is detected on all my BSD hosts, all of which are 11.2-RELEASE-p4 or later. I have downloaded all the PoC code from ExploitDB and tested it against these hosts and have seen no evidence of privilege escalat...
    Rick Chisholm
    last modified by Rick Chisholm
  • QID 90126 - Pending Reboot

    I am curious if Qualys only looks for one value in the registry to determine if a system is "pending reboot".  Per the description, and based on what I have seen in my environment, this is all I ever see reported...
    last modified by adamc
  • Dashboards and Visualizations

    I am surprised Qualys does not offer a Dashboard feature that would allow data/metrics to be shown on screens like on SOC floors etc.  From what I can see, we are limited to the general VM and the AssetView ...
    last modified by adamc
  • Null Sessions: QIDs 70003 vs 90044

    Hi all,   Qualys flags a lot of my assets with the QID 90044 (Allowed Null Session) and only a few of them with the QID 70003 (Null Session/Password NetBIOS Access).   QID 90044 checks if th...
    Albert Ros
    created by Albert Ros
  • Deactivated Reports and now Scans

    Hi, two weeks ago I observed scheduled reports becoming deactivated, and today I see that scans are being deactivated all by themselves.  #144629 has been added to with scan details.   Anyone else observing...
    last modified by Chalky_White
  • What are scenarios in which one should purge an asset and one shouldn't?

    After an asset has been purged, and later it is needed to scan the asset again, do the asset needs to be subscribed again to Qualys?
    Gaurav Kumar
    last modified by Gaurav Kumar
  • Anyone on US Platform 2 willing to share what scanner version and signature versions?

    I am just trying to see if there is an issue or not. We have two different physical appliance models, QGSA-3120-A1 and QGSA-4120-A1.   Our 3120 appliances are at scanner version 10.1.30-1 and the signatures are ...
    last modified by psaux
  • Scanner Activity Graphic Script

    As a number of people have requested this I'm making my old shell script to create PNG graphics to show SA activity available here. I'm no programmer and Eric would likely code this in half the text but here it is any...
    Damian OHara
    last modified by Damian OHara
  • Sub Forums - Windows Server, Linux Server, Cisco Ironport

    If we have a sub forum for common operating system or other hardware like cisco ironport, then it would be easy to contribute. As an infrastructure security professionals we could contribute to the wider community and...
    last modified by knrrrganesh1
  • Windows Updates Requiring Registry Configs

    This seems to be a current topic of interest by some of the members.     These are the MS updates requiring registry configurations that I am aware of.  
    last modified by adamc
  • How to Setup SSH Keys instead of Passwords for Linux Servers

    Note: Workflow detailed by mwalker Step 1: How do I generate an ssh key pair: Windows Mac OS Linux Step 2: How do I distribute my Public Key The public key to be used for Unix authentication needs t...
    Laura Seletos
    last modified by Laura Seletos
  • Open SSL vulnerability  QID: 38626 CVE ID: CVE-2016-2107

    Hi Team,   I am getting Open SSL vulnerability in Windows server, when I researched found that in Windows server  not use OpenSSL but found "ssleay32.dll " file use OpenSSL, uses many applications...
    shivaprakash T
    last modified by shivaprakash T
  • False positives

    I have a hundreds of Centos 6 boxes showing as unpatched for stack clash. However they have been patched. rpm -q -changelog kernel-2.6.32-696.6.3.el6.x86_64 - [mm] enlarge stack guard gap (Larry Woodman) [1452729 145...
    last modified by neilc
  • QID 370410 - Sudo_get_Process_ttyname() - AIX Impact?

    Hi,  Does QID 370410 affect AIX servers ? . As far as i am aware, this vulnerability is specific to Linux Systems and all the resources / CVE pages have listed different distro's of Linux as impacted but not AIX...
  • Vulns from Shadow Brokers

    QID -   TITLE   87284 - Microsoft Internet Information Services 6.0 Buffer Overflow Vulnerability - Shadow Brokers (EXPLODINGCAN) Zero Day    ISSUE:  this only detects for IIS, not if t...
    last modified by adamc