New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vmware_http_login #10935

Closed
bcoles opened this Issue Nov 7, 2018 · 1 comment

Comments

Projects
None yet
2 participants
@bcoles
Contributor

bcoles commented Nov 7, 2018

The vmware_http_login module calls a is_vmware? method prior to attempting login, which in turn calls fingerprint_vmware.

This method attempts to report the service to the database (in the event that the remote service is in fact vmware); however, fails to due so, as it uses an undefined ip variable rather than rhost.

As a result, the module fails, triggering the rescue exception handler, which also fails, due to an undefined e variable, ensuring that the error is silently swallowed.

    rescue
      vprint_error("#{rhost}:#{rport} Error: #{e}")
      return false
    end

The combination of these issues effectively renders the module useless, as the user receives only "#{rhost}:#{rport} Error: " as output, which has no bearing on whether the supplied credentials were valid.

@bcoles bcoles added module bug labels Nov 7, 2018

@bcoles bcoles self-assigned this Nov 7, 2018

@bcoles

This comment has been minimized.

Contributor

bcoles commented Nov 7, 2018

Fixed in #10895

@h00die h00die closed this Nov 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment