Hello,
-----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Henri Doreau Sent: Monday, January 02, 2012 11:31 PM To: Jan-Oliver Wagner Cc: [email protected] Subject: Re: [Openvas-plugins] Change or split Traceroute? > Hello, 2012/1/2 Jan-Oliver Wagner <[email protected]>: >> However, in some cases it might be a information leak problem. What are the information leak cases? Any information that is gathered by the scanner should be made part of the report, apart from the debug kind of information that can go into the logs. >> >> So, I wonder whether we should split this functionality into two NVTs: >> - one that simply retrieves the traceroute information and stores it >> in the host details. >> - one that reads the host details and sends a security note if it >> looks >> reasonable to do so (what are the hints for information leaks?) >> Ideally this NVT should already define a CVSS which explains the >> the severity with its base vector. >> >> What do you think? >> > could you elaborate on situations where reporting the detailed traceroute information would be a problem? We should pay attention to the fact that host > details end up in the final reports just like the security messages. Chandra. _______________________________________________ Openvas-plugins mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-plugins
