Re: Changing your nessus password

["George A. Theall" <theall_at_tenablesecurity.com>]

On Tue, May 24, 2005 at 09:47:37AM -0600, Anna Grace Zapata
wrote:

> Can someone tell me if it is possible to change your
> nessus password?  If so, how do I go about that?

Assuming you're using password-based authentication, then a
user's password is stored under his/her auth directory, in a
file named either 'password' or 'hash'. If nessus-adduser
can't find a way to calculate MD5 message digests when
creating an account, it stores the password as plaintext in
the file 'password'. All you'd need to do in such cases is
edit it and replace the password with a new one in
plaintext. 

More than likely, though, it's "encrypted" and stored in the
file 'hash'. If so, there's no straightforward way to change
it. Michel Arboi did publish a Perl daemon to handle this.
If you have a need to change passwords periodically, you
might consider setting it up, although understand it's not
part of Nessus per se so you're pretty much unsupported with
it. You'll find it here:

 
http://cvsweb.nessus.org/cgi-bin/viewcvs.cgi/nessus-tools/nessus-chpw.pl

Oh, and if instead you're using certificate-based
authentication, then the password's tied to your private key
and you'll need to change it with OpenSSL or something like
that.

George

--
theall_at_tenablesecurity.com