We have been using Qualys for general vulnerability management for some time now, and we are thinking about implementing authenticated scans. Does anyone know how/where the passwords used for authenticated scans are stored? Are they stored in the Qualys cloud? In the internal appliance? Could a breach of Qualys allow root/admin access to our internal network?
Thanks for any thoughts!