NSE encounters an error if the code prescribes HTTP digest authentication but the target server does not supply header WWW-Authenticate:
/usr/bin/../share/nmap/nselib/sasl.lua:121: attempt to concatenate a nil value (field 'nonce')
stack traceback:
/usr/bin/../share/nmap/nselib/sasl.lua:121: in method 'calcDigest'
/usr/bin/../share/nmap/nselib/http.lua:1416: in function 'http.generic_request'
/usr/bin/../share/nmap/nselib/http.lua:1766: in function 'http.get'
(...tail calls...)
The following patch rectifies the issue:
--- a/nselib/http.lua+++ b/nselib/http.lua@@ -1404,7 +1404,7 @@
options_with_auth_removed["auth"] = nil
local r = generic_request(host, port, method, path, options_with_auth_remov
local h = r.header['www-authenticate']
- if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then+ if not (r.status and h and string.find(h:lower(), "digest.-realm")) then
stdnse.debug1("http: the target doesn't support digest auth or there was
return http_error("The target doesn't support digest auth or there was an
end
The patch will be applied after August 1, 2019, unless concerns are raised.
The text was updated successfully, but these errors were encountered:
NSE encounters an error if the code prescribes HTTP digest authentication but the target server does not supply header
WWW-Authenticate:The following patch rectifies the issue:
The patch will be applied after August 1, 2019, unless concerns are raised.
The text was updated successfully, but these errors were encountered: