NSE encounters an error if the code prescribes HTTP digest authentication but the target server does not supply header WWW-Authenticate:
/usr/bin/../share/nmap/nselib/sasl.lua:121: attempt to concatenate a nil value (field 'nonce')
/usr/bin/../share/nmap/nselib/sasl.lua:121: in method 'calcDigest'
/usr/bin/../share/nmap/nselib/http.lua:1416: in function 'http.generic_request'
/usr/bin/../share/nmap/nselib/http.lua:1766: in function 'http.get'
The following patch rectifies the issue:
--- a/nselib/http.lua+++ b/nselib/http.lua@@ -1404,7 +1404,7 @@
options_with_auth_removed["auth"] = nil
local r = generic_request(host, port, method, path, options_with_auth_remov
local h = r.header['www-authenticate']
- if not r.status or (h and not string.find(h:lower(), "digest.-realm")) then+ if not (r.status and h and string.find(h:lower(), "digest.-realm")) then
stdnse.debug1("http: the target doesn't support digest auth or there was
return http_error("The target doesn't support digest auth or there was an
The patch will be applied after August 1, 2019, unless concerns are raised.
The text was updated successfully, but these errors were encountered: