A few of my workstations had no vulnerabilities for a while. Suddenly, some have a little over 100. One of them is pictured here. Has anyone else experienced this recently? Very strange.
Some thoughts based of the above information. Were credentials used, and previously not used? Could someone have modified the account used as credentials if credentials were used? Also, if we were able to take advantage of a default account vulnerability, we would use those credentials to do a credentialed scan. In the end, all of these vulnerabilities would require credentials so that is where I would start looking.
Has to be a difference between an auth’d and non auth’d scan. For a workstation to have 0 vulnerabilities is normally a sure sign its not being authenticated scanned properly for me.
Have a look through your scan history for those machine and see if the authentication success dot was grey and is now green.
That was it. I entered my domain credentials and now I am getting accurate scans. Can’t believe I didn’t do it this whole time.