[Openvas-devel] OMP always returning OK 201 Success

Matthew Mundell matthew.mundell at greenbone.net
Fri Jan 7 09:44:01 CET 2011

> I am actually referring to a bug that has already been posted. I paste
> it below because it has all the details. In a nutshell OMP does not
> throw an error if a preference name does not match a valid one. In other

Oh I see, the modify_config issue.  To repeat for the list: It's working as
I expect.  It's just that the Manager lets you modify any preference.  So
if you make a typo in the name it adds a new preference with that name.

The up side of this is that you can modify a preference before it arrives
in the feed.

Perhaps it would make more sense for the Manager to allow the modification
only if the preference exists.

> words it does not validate the user inputs. Could this be also
> considered a security vulnerability?

Well, you have to authenticate before you can do this, and at worst you can
fill the database with random preferences.

Greenbone Networks GmbH
Neuer Graben 17, 49074 Osnabrueck, Germany | AG Osnabrueck, HR B 202460
Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner

More information about the Openvas-devel mailing list