OpenVAS 4.0.4/1.3.2 Multiple Vulnerabilities

2013.11.10
Risk: High
Local: No
Remote: Yes
CWE: N/A

http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html

For OpenVAS Manager, this is a security release addressing a serious security bug, and it is highly recommended to update any installation of OpenVAS Manager 3.0 and 4.0 with the corresponding release.

A software bug in OpenVAS Manager allowed an attacker to bypass the OMP authentication procedure. The attack vector was remotely available if OpenVAS Manager was listening on a public network interface. After a successful attack, the attacker gained partial rights to execute OMP commands. The authentication bypass was, however, incomplete, and several OMP commands failed to execute properly. Use CVE-2013-6765.

For OpenVAS Administrator, this is a security release addressing a very serious security bug, and it is highly recommended to update any installation of OpenVAS Administrator 1.2 and 1.3 with the corresponding release.

A software bug in OpenVAS Administrator allowed an attacker to bypass the OAP authentication procedure. The attack vector was remotely available if OpenVAS Administrator was listening on a public network interface. After a successful attack, the attacker was able to create and modify users and could use the gained privileges to take control of an OpenVAS installation if the Scanner and/or Manager instances controlled by this Administrator instance were also listening on public network interfaces. Use CVE-2013-6766.
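Both issues are remotely reachable only when the daemon listens on a public interface, so a quick exposure check is to classify the bind address of each OpenVAS listener. The following is an added example, not part of the original advisory or the OpenVAS project; the daemon names `openvasmd`, `openvasad` and `openvassd`, the `ss -H -ltnp` output layout, and the sample lines with their ports are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumed binary names for the Manager, Administrator and Scanner daemons.
DAEMONS = {"openvasmd": "Manager (OMP)",
           "openvasad": "Administrator (OAP)",
           "openvassd": "Scanner"}

# Constructed sample of `ss -H -ltnp` output; not captured from a real host.
SAMPLE = """\
LISTEN 0 128 0.0.0.0:9390 0.0.0.0:* users:(("openvasmd",pid=812,fd=5))
LISTEN 0 128 127.0.0.1:9393 0.0.0.0:* users:(("openvasad",pid=820,fd=4))
LISTEN 0 128 [::]:9391 [::]:* users:(("openvassd",pid=799,fd=6))
LISTEN 0 128 *:22 *:* users:(("sshd",pid=500,fd=3))
LISTEN 0 128 [::1]:9390 [::]:* users:(("openvasmd",pid=813,fd=5))
"""

def is_loopback_only(host):
    """True only when the bind address is a loopback address."""
    host = host.strip("[]").split("%")[0]   # drop IPv6 brackets and zone id
    if host == "*":                         # wildcard: every interface
        return False
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False                        # unparseable: treat as exposed

def exposed_listeners(ss_output):
    """Return (daemon, address, port) for OpenVAS listeners not on loopback."""
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        proc = re.search(r'\(\("([^"]+)"', fields[5])
        if not proc or proc.group(1) not in DAEMONS:
            continue
        if not is_loopback_only(host):
            findings.append((proc.group(1), host.strip("[]"), int(port)))
    return findings

if __name__ == "__main__":
    for name, addr, port in exposed_listeners(SAMPLE):
        print(f"{DAEMONS[name]} ({name}) listens on {addr}:{port}")
```

On a live host, pass the text output of `ss -H -ltnp` (run as root so process names are shown) to `exposed_listeners` in place of `SAMPLE`.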

References:

http://lists.wald.intevation.org/pipermail/openvas-announce/2013-November/000157.html

