Join GitHub today
rexec-brute.nse returns false positives #1090
The rexec-brute.nse script reports username:password combinations as "valid credentials" even though the response from the server is "rexecd: Login incorrect".
After looking at the source of the script it looks like it reports every tried user:pass combination as valid as long as the server sends a response. (https://svn.nmap.org/nmap/scripts/rexec-brute.nse)