Mailing List Archive: Fix for false negative in http_asn1

Fix for false negative in http_asn1_decoding.nasl

Sep 22, 2005, 7:59 AM

Post #1 of 2 (761 views)

Here's a patch to make http_asn1_decoding.nasl fire when you
get a base64 string that ends in an =. Such as this one:

WWW-Authenticate: Negotiate oRUwE6BECgEBoQwGCisGAQQBgjcCAgo=

Cheers

Rich.
--
Richard Moore, Principal Software Engineer,
Westpoint Ltd,
Albion Wharf, 19 Albion Street, Manchester, M1 5LN, England
Tel: +44 161 237 1028
Fax: +44 161 237 1031

Re: Fix for false negative in http_asn1_decoding.nasl [ In reply to ]

theall at tenablesecurity

Sep 22, 2005, 10:48 AM

Post #2 of 2 (724 views)

Permalink

On Thu, Sep 22, 2005 at 03:59:26PM +0100, Richard Moore wrote:

> Here's a patch to make http_asn1_decoding.nasl fire when you
> get a base64 string that ends in an =. Such as this one:
>
> WWW-Authenticate: Negotiate oRUwE6BECgEBoQwGCisGAQQBgjcCAgo=

Thanks for pointing out the problem, Rich. I used a slight variation on
your patch to commit a change to CVS; it should become available in the
next hour or so through nessus-update-plugins.

George
--
theall@tenablesecurity.com

Mailing List Archive

Mailing List Archive

Attached Files: