RETINA Vulnerability Scan Locking up User Accounts

Last post 08-01-2009 7:47 PM by jockey. 4 replies.

Page 1 of 1 (5 items)
	Sort Posts: Previous Next

06-04-2008 9:48 AM

William Spencer
Joined on 06-04-2008
Posts 2

RETINA Vulnerability Scan Locking up User Accounts

Reply Contact

I am running the latest Retina Policy and scanning servers on my network. When scanning a Web Server, the user accounts are being locked out.

See the following server Security LOG extract.

6/4/2008 11:23:56 AM Security Failure Audit Logon/Logoff 539 NT AUTHORITY\SYSTEM BOLFMWS11 "Logon Failure:
  Reason:  Account locked out
  User Name: BQUpload
  Domain: BOLFMWS11
  Logon Type: 8
  Logon Process: IIS
  Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Workstation Name: BOLFMWS11
  Caller User Name: BOLFMWS11$
  Caller Domain: AFNCR
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 1600
  Transited Services: -
  Source Network Address: -
  Source Port: -
"
6/4/2008 11:23:56 AM Security Failure Audit Account Logon 680 NT AUTHORITY\SYSTEM BOLFMWS11 "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: BQUpload
Source Workstation: BOLFMWS11
Error Code: 0xC0000234
"

6/4/2008 11:10:32 AM Security Failure Audit Logon/Logoff 539 NT AUTHORITY\SYSTEM BOLFMWS11 "Logon Failure:
  Reason:  Account locked out
  User Name: IUSR_BOLFMWS11
  Domain:
  Logon Type: 8
  Logon Process: IIS
  Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  Workstation Name: BOLFMWS11
  Caller User Name: BOLFMWS11$
  Caller Domain: AFNCR
  Caller Logon ID: (0x0,0x3E7)
  Caller Process ID: 1600
  Transited Services: -
  Source Network Address: -
  Source Port: -
"
6/4/2008 11:10:32 AM Security Failure Audit Account Logon 680 NT AUTHORITY\SYSTEM BOLFMWS11 "Logon attempt by: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
Logon account: IUSR_BOLFMWS11
Source Workstation: BOLFMWS11
Error Code: 0xC0000234
"
_________________________________________________________________

Is there any script in RETINA that will cause these accounts to be locked out? Each time we run RETINA on this server, the user accounts get locked out.

William H. Spencer

Filed under: error, application, Vulnerability Assessment, Retina

06-23-2008 6:45 PM In reply to

Blue1978
Joined on 06-07-2007
Posts 1,062

Re: RETINA Vulnerability Scan Locking up User Accounts

Reply Contact

I am assuming you have the full paid for version of Retina (the standalone scanner) that you are speaking of here? If you do, you are entitled to support through a specific customer portal located at:

https://www.eeye.com/clients/login.html?access=2&target=/clients/index.html&rnd=080114.195019.109229.341

Folks that use the Professional version of Blink and the other eEye products can set up an account via this portal for submitting trouble tickets and so forth through. I have gotten great support via this method. Unfortunately, these forums were intended for the users of the Personal Edition of Blink to come to for problems.

Hope this helps. :)

Filed under: Customer Portal

12-06-2008 6:36 AM In reply to

kinh.nguyen
Joined on 12-06-2008
Posts 1

Re: RETINA Vulnerability Scan Locking up User Accounts

Reply Contact

Hi, I am also experiencing the same problem. Is this a Retina Issue or a setting on the server that is being scanned? Do you have a solution yet?- thanks in advance.

12-06-2008 3:57 PM In reply to

nomuus
Joined on 10-31-2007
Posts 61

Re: RETINA Vulnerability Scan Locking up User Accounts

Reply Contact

Please login to the client support portal and submit a ticket along with any packaged support files related to the issue.

http://www.eeye.com/html/support/index.html

08-01-2009 7:47 PM In reply to

jockey
Joined on 08-01-2009
Posts 1

Re: RETINA Vulnerability Scan Locking up User Accounts-Did you ever get answer?

Reply Contact

Re: RETINA Vulnerability Scan Locking up User Accounts-

Did you ever get an answer?

jockey

Page 1 of 1 (5 items)

eEye Digital Security