Hi,

On 30.05.2017 13:21, Dehm, Jochen wrote:
> The nvt 1.3.6.1.4.1.25623.1.0.103240 claims that it is possible to log
> on a server with the following data:
> 
> It was possible to login with the following credentials
> <Url>:<User>:<Password>
> https://servername/mob/:FIELD:HPONLY
> https://servername/mob/:MAIL:MPE
> 
> Fortunately this is not true. How can such a result come? Do I have a
> thought mistake?
> 
> regards joed

let me have a look. Any chances that you could:

1. apply the attached patch to your plugins folder
-> You might need to set nasl_no_signature_check = yes in your
openvassd.conf if using a signed NVT feed
2. re-run the scan
3. send me the content of the openvassd.dump via private/direct mail

Thanks,

-- 

Christian Fischer | PGP Key: 0x54F3CE5B76C597AD
Greenbone Networks GmbH | http://greenbone.net
Neumarkt 12, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460
Geschäftsführer: Lukas Grunwald, Dr. Jan-Oliver Wagner
Index: default_http_auth_credentials.nasl
===================================================================
--- default_http_auth_credentials.nasl	(revision 6249)
+++ default_http_auth_credentials.nasl	(working copy)
@@ -130,6 +130,7 @@
           if( res && ! isnull( res ) && ( res !~ "HTTP/1.. 500" ) && ( res !~ "HTTP/1.. 40[0138]" ) ) {
             c++;
             set_kb_item( name:"default_http_auth_credentials/" + port + "/credentials", value:url + "#-#" + user + ":" + pass );
+            display('Request:\n' + req + '\n\nResponse:\n' + res);
           }
         }
       }
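Review bot: The condition on the context line just above the added display() counts every response that does not match 500 or 400/401/403/408 as a successful login, so a 200 page, a 3xx redirect or a 404 would also reach c++ and set_kb_item. The added output will help confirm which case applies, but it does not say which url/user/pass triple it belongs to; consider prefixing it with those values, e.g. display('URL: ' + url + ' User: ' + user + '\n'), so each reported pair can be matched to its response in openvassd.dump.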
@@ -136,6 +137,7 @@
     } else if( res && ! isnull( res ) && ( res !~ "HTTP/1.. 500" ) && ( res !~ "HTTP/1.. 40[0138]" ) ) {
       c++;
       set_kb_item( name:"default_http_auth_credentials/" + port + "/credentials", value:url + "#-#" + user + ":" + pass );
+      display('Request:\n' + req + '\n\nResponse:\n' + res);
     }
   }
 }
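Review bot: The display() added in this else-if branch is a verbatim copy of the one in the previous hunk, and the status check it sits under is duplicated as well; moving the check and the debug output into one helper would keep both paths in sync. The call is also unconditional and prints the whole of req and res, so for anything beyond a one-off debugging run it should be gated behind a debug switch and limited to the status line and headers of res.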