Is anyone else getting errors that come up like the one i have attached. I found why its happening, but its not ideal for me to change permissions for the user. It seems this user is added two several sites and asset groups. He is trying to scan particular asset which is in both sites. One site is my master site only for admins. The other for general users. He gets this error attached when trying to scan a asset but doesn't have permission to my master site. If i give him access to both hes good. But my master site is only for admins. Any thoughts?
Posted by Vanessa villalpando 25 days ago
Has anyone seen this error in their logs? We are finding that these machines are not checking into the console. [WinError 10053] An established connection was aborted by the software in your host machine 2019-05-14 22:55:54,541 [INFO] [agent.agent_socket.AGS.51966864.cmsgpack://endpoint.ingress.rapid7.com:443]: Resolver found 3 resolved entries for endpoint.ingress.rapid7.com 2019-05-14 22:55:54,542 [INFO] [agent.agent_socket]: Setting resolver entry retention to 300s before next refresh for server 'endpoint.ingress.rapid7.com' 2019-05-14 22:55:54,543 [INFO] [agent.agent_socket.AGS.51966864.cmsgpack://endpoint.ingress.rapid7.com:443]: Setting non-TLS timeout to 10s 2019-05-14 22:55:54,546 [INFO] [agent.agent_socket.AGS.51966864.10.87.xx.xx:51058<->cmsgpack://184.108.40.206:443]: Initial connection established. 2019-05-14 22:55:54,548 [WARNING] [agent.agent_socket.AGS.51966864.10.87.xx.xx:51058<->cmsgpack://220.127.116.11:443]: SocketTracker-endpoint.ingress.rapid7.com:443 attempt 1 - Failed: [WinError 10053] An established connection was aborted by the software in your host machine 2019-05-14 22:55:54,549 [WARNING] [agent.agent_socket.SMT.51968488.endpoint.ingress.rapid7.com:443]: Non-responsive - jailing for 54s
Posted by Joseph Gothelf 26 days ago
I am receiving an error when I log into my InsightVM console. The error says the following. An error occurred while retrieving or submitting data. I am not getting my agents populated in the console, I don't know if this error has anything to do with it. What should I look at to resolve this as we are very very new to the Insight platform. Thank you, Tony
Posted by Tony DeMarco 26 days ago
Hello, I'm running Metasploit on windows server 2008, when i try to open the web UI it gets stuck I've checked the services and noticed "metasploitPostgreSQL" isn't running when i try to start it, it stops automatically. could this be why my metasploit isn't working? Kindly assist. Thanks
Posted by Wale Jose 27 days ago
Created an SLA to track remediation of critical vulnerabilities within ## of days of discovery. My question is does the day of discovery mean the day the vulnerability was first detected within our environment or the first time the vulnerability was seen since the day I created the SLA? Thanks
Posted by David Miller about a month ago
I show a vulnerability for Admin account for telnet is utilizing password of Admin: Password of "password" we tried to telnet into these devices using admin password to no avail. where does repaid 7 pull this information or is this a false positive?
Posted by Randy Templeton about a month ago
Is there a policy check for Network Level Authentication? I can't seem to find it in the CIS or DISA Stig checks. Curious due to the May 2019 RCE vulnerability disclosure. I'm referring to this to be exact: Computer Configuration -> Administrative Templates -> Windows Components -> Remote Desktop Services -> Remote Desktop Session Host -> Security.
Posted by Mike Conroy about a month ago
Hello All, Good day I saw (potential) vulnerability when scanning one of Ubuntu 16.04 system with Nexpose. However, upon inspecting the /usr/bin/at, I saw that it is an executable file/binary rather than a shell script. Moreover, it's ownership is daemon:daemon not root. Is the file still vulnerable with "SUID Bit Set Upon Script File" ? SUID Bit Set Upon Script File CVSS (AV:L/AC:M/Au:N/C/I/A) CVSS Score 4.4 Under many UNIX-like operating systems, setting the SUID bit on an interpreted script file can lead to an exploitable race condition that yields elevated privileges. Vulnerable Script: /usr/bin/at Remediation BEGIN # Remove the suid bit from the script Configuration remediation steps The SUID bit should be removed from the script.
Posted by Compete2Cooperate about a month ago
Hey all, I am getting a number of results that are failing, but should be passing. For example (this is for Windows 10): the proof says: At least one specified Password Policy entry must match the given criteria. At least one evaluation must pass This one is a pass max_passwd_age = 5184000 min_passwd_age = 86400 min_passwd_len = 14 password_hist_len = 24 password_complexity = true reversible_encryption = false This is a fail. max_passwd_age = 3710851 min_passwd_age = 0 min_passwd_len = 0 password_hist_len = 0 password_complexity = false reversible_encryption = false So basically, there are 2 results that InsightVM see. One is a pass (24 password history length) and one is a fail (0 password history length). But in the report, it always fails the compliance rule. This is just one example of many. Some fail with 2 results, some pass. I have a ticket with Rapid7 but they haven't responded for a while. Just wondering if anyone else is having / has had this problem. Thanks
Posted by Russell about a month ago
I generate a general report for users the top 25. Looks like it gives risk of 100 percent as well as 100 % vulnerabilities. It doesn't look right how is this calculated, yeah in a perfect if you fix 100 percent of the vulnerabilities you will get 100 percent lowered risk score...how do i explain to people what those two scores are on this report?
Posted by Vanessa villalpando about a month ago
This is the second time i have done a version upgrade on my application and both times it has lost the ability to let my ldap script correlate to the console. It says one or more authentication services are unavailable, the first time the engineer fixed it but now I need documentation on what commands to run since its happened both times i have upgraded versions. I'm asking because i currently have ticket it and no users are able to login using ldap. HELP. Version upgrade documentation should have the after effects and solutions.
Posted by Vanessa villalpando about a month ago
My Insight console is reporting several vulnerabilities associated with the Java that is installed as part of the scan engine itself: Vulnerable software installed: Oracle JRE 18.104.22.168 (/opt/rapid7/nexpose/_jvm1.8.0_192/lib/rt.jar) Should we expect Rapid7 to publish an automatic update that eliminates these vulnerabilities? The vulnerabilities were published late last month. Chris
Posted by Christopher Ursich about a month ago