I have done with the scanning of one web based application and I observed two things as mentioned below:
- In the WAS report post scan completion, it shows Authentication Status- Successful (Screenshot attached- Image1.jpg). It means authentication was successful while scanning.
- At the same time whine I am checking detail vulnerabilities in the report, I found some of the issues showing Authentication "In order to detect this vulnerability, the scan required authentication to be enabled." in the Detection Information Section of the issues. (Screenshot attached- Image2.jpg)
So should we consider authentication was successful for all issues or is there any setting/configuration for the above issues?
I have attached two screenshots for your reference.