On Wed, Sep 04, 2002 at 02:37:25PM +0200, [EMAIL PROTECTED] wrote: > Hi, > > it seems that there are situations, when the anonymous-ftp check in Nessus > gives false negatives. We have the case of a printer, in which the > login to an ftp server does not require a password: > > > ftp x.x.x.x > Connected to x.x.x.x > 220 FTP server ready > User (y.y.y.y:(none)): anonymous > 230 Password not required for anonymous > ftp> > > The nessus plugin, which uses the NASL function "ftp_log_in" does > not catch this anonymous ftp, because ftp_log_in (judging from the > source code) expects the ftp server to request a password > (331 Guest login ok, type name and password). > > Maybe ftp_log_in should be corrected to also take into account > situations as described above?
Fixed in the CVS, thanks. - [EMAIL PROTECTED]: general discussions about Nessus. * To unsubscribe, send a mail to [EMAIL PROTECTED] with "unsubscribe nessus" in the body.
