Ticket #34 (closed defect: fixed)

Opened 2 years ago

Last modified 5 months ago

False positive on check 002080

Reported by: deity
Assigned to: deity
Priority: low
Milestone:
Component: Data
Version: 2.03
Severity: normal
Keywords:
Cc:

Description (Last modified by deity)

Check 002080 checks for the existence of /localstart.asp and returns a "may be interesting" response if it gets "You are not authorized" [sic] in the response.

But, if you're checking a server that requires authentication and have provided valid credentials, you get this error even when localstart.asp doesn't exist.

Change History

06/19/08 18:16:03 changed by deity

  • description changed.
  • milestone set to Nikto 2.03.

07/08/08 20:09:45 changed by deity

  • owner set to deity.
  • status changed from new to assigned.
  • milestone changed from Nikto 2.03 to Nikto 2.04.

Moving to Nikto 2.04 as I don't currently have a test environment for IIS.

09/12/08 16:17:26 changed by deity

Ouch! This is a fun one. It's not a bug in returning the right result for the item. It seems that nikto 2 only allows authentication against the default realms in the db_realms file.

If you supply one through -id on the command line, it doesn't actually do anything with it... This is going to take a while!

09/24/08 17:37:18 changed by deity

  • status changed from assigned to closed.
  • resolution set to fixed.

Fixed by adding passed credentials to the list of realms and a new test for if localstart.asp is found.

Fixed in revision #81.

10/28/09 11:13:19 changed by

  • milestone deleted.

Milestone Nikto 2.04 deleted