Add Intersil HTTP Basic auth pass reset (originally #453) #494

wchen-r7 · 2012-06-17T02:23:46Z

The modified version of pull request #453. This addresses a couple
of things including:

Change the description to better explain what the vulnerability is.
The advisory focuses the problem as an auth bypass, not DoS,
although it can end up dosing the server.
The title and filename are changed as a result of matching that
advisory's description.
Use 'TARGETURI' option instead of 'URI'.
The reset attempt needs to check if the directory actually has
401 in place, otherwise this may result a false-positive.
The last HTTP request needs to check a possible nil return value.
More verbose outputs.

The modified version of pull request rapid7#453. This addresses a couple of things including: * Change the description to better explain what the vulnerability is. The advisory focuses the problem as an auth bypass, not DoS, although it can end up dosing the server. * The title and filename are changed as a result of matching that advisory's description. * Use 'TARGETURI' option instead of 'URI'. * The reset attempt needs to check if the directory actually has 401 in place, otherwise this may result a false-positive. * The last HTTP request needs to check a possible nil return value. * More verbose outputs.

wchen-r7 merged commit e72303a into rapid7:master Jun 17, 2012

wchen-r7 deleted the intersil_dos branch August 22, 2016 16:31

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add Intersil HTTP Basic auth pass reset (originally #453) #494

Add Intersil HTTP Basic auth pass reset (originally #453) #494

wchen-r7 commented Jun 17, 2012

Add Intersil HTTP Basic auth pass reset (originally #453) #494

Add Intersil HTTP Basic auth pass reset (originally #453) #494

Conversation

wchen-r7 commented Jun 17, 2012