[Openvas-discuss] NVT: HTTP Brute Force Logins with default Credentials
Reindl Harald
h.reindl at thelounge.net
Mon Dec 19 15:05:15 CET 2011
Am 19.12.2011 15:00, schrieb Michael Meyer:
> *** Reindl Harald <h.reindl at thelounge.net> wrote:
>> am i stupid or is here the url missing?
>
> Yes, it's missing. I've added the url to the report. It's available via svn now.
> Should be in the feed tomorow.
thank you!
> Updated plugin should help to determine the page. I'm very interested
> in the response of the server to one of the requests which will cause
> this FP (if it is an FP).
i am pretty sure this is some old script from my early days
where i did not use correct HTTP-Status-Codes and only
a exit('Forbidden') in PHP resulting in status 200 OK
this hughe amount of default logins is simply impossible :-)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.wald.intevation.org/pipermail/openvas-discuss/attachments/20111219/9b64c2a5/signature-0001.pgp
More information about the Openvas-discuss
mailing list