-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False positives from ssl-ccs-injection.nse #1322
Comments
There's not a lot of information to go on here. Could you provide output with My guess is that it's some implementation of TLS that returns a different fatal alert than "unexpected_message" when it receives the out-of-order ChangeCipherSpec message. I'm going to try improving the script to bail out early (non-vulnerable) if any fatal error is received upon sending the first CCS message, and only send the second one to be sure. I'll also dig through the history on this one: none of the other check scripts out there send more than one CCS message. |
Sorry, I should have snagged this output before. Here's the debug messages. I confirmed with the metasploit modules just now that the same IP isn't listed as vulnerable. nmap -sT -p 443 --script ssl-ccs-injection -d2 IPADDY
|
Recently I was getting false positives from the ssl-ccs-injection.nse script. The tripwire script and metasploit module pointed at the same servers did not report the vulnerability like the nse script did, further investigation determined the nse script was throwing false positives.
Nmap version 7.70SVN latest on Kali repos.
I'm afraid I can't share my clients server info that this was happening on. Anyone else seen this behavior?
The text was updated successfully, but these errors were encountered: