New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

vmware_http_login #10935

bcoles opened this Issue Nov 7, 2018 · 1 comment


None yet
2 participants

bcoles commented Nov 7, 2018

The vmware_http_login module calls a is_vmware? method prior to attempting login, which in turn calls fingerprint_vmware.

This method attempts to report the service to the database (in the event that the remote service is in fact vmware); however, fails to due so, as it uses an undefined ip variable rather than rhost.

As a result, the module fails, triggering the rescue exception handler, which also fails, due to an undefined e variable, ensuring that the error is silently swallowed.

      vprint_error("#{rhost}:#{rport} Error: #{e}")
      return false

The combination of these issues effectively renders the module useless, as the user receives only "#{rhost}:#{rport} Error: " as output, which has no bearing on whether the supplied credentials were valid.

@bcoles bcoles added module bug labels Nov 7, 2018

@bcoles bcoles self-assigned this Nov 7, 2018


This comment has been minimized.


bcoles commented Nov 7, 2018

Fixed in #10895

@h00die h00die closed this Nov 7, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment