Does Qualys Vulnerability Management PCI scans perform default credentials/password checks, does it scan for /manager/html or /manager-host/html page? how can I find information if these pages were scanned?
QualysGuard PCI performs default/blank password checks for platforms it encounters as required by the PCI ASV Program Guide. You can determine the specific links that were crawled on a PCI scan by doing the following:
Under the "result" section of this QID you will find the links crawled during the application portion of the scan.
Thanks for the information, it is helpful and it helped to identify the external links too (QID 150010). This will help me generate all web server lists too.
Retrieving data ...