identify_only reports will report first matching

Open liquidsec opened this issue 1 year ago • 2 comments

We need to report as a list since there could be multiple matches

{"description": "Cryptographic Product identified. Product Type: [Java Server Faces Viewstate] Product: [Ly8gp+FZKt9XsaxT5gZu41DDxO74k029z88gNBOru2jXW0g1Og+RUPdf2d8hGNTiofkD1VvmQTZAfeV+5qijOoD+SPzw6K72Y1H0sxfx5mFcfFtmqX7iN6Gq0fwLM+9PKQz88f+e7KImJqG1cz5KYhcrgT87c5Ayl03wEHvWwktTq9TcBJc4f1VnNHXVZgALGqQuETU8hYwZ1VilDmQ7J4pZbv+pvPUvzk+/e2oNeybso6TXqUrbT2Mz3k7yfe92q3pRjdxRlGxmkO9bPqNOtETlLPE5dDiZYo1U9gr8BBD=] Detecting Module: [Jsf_viewstate]",

(from bbot scan)

liquidsec Jun 25 '23 14:06

This is also preventing actual vulnerabilities from being detected if another module has an identify_only hit first.

This is now a high priority bug

liquidsec Nov 24 '23 19:11

This should already be fixed; however, a test needs to be written specifically to confirm.

liquidsec Feb 18 '24 15:02
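
The failure mode discussed in this thread, as an added example that is not part of the issue or of the badsecrets code base: a scan loop that returns on the first identify-only hit hides a later module's confirmed secret, while a loop that collects every result does not. The module classes, report labels, key list and sample tokens are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import re

WEAK_KEYS = [b"changeme", b"secret"]  # constructed wordlist, not real keys

def sign(payload, key):
    return hmac.new(key, payload.encode(), hashlib.sha256).hexdigest()

class LooseBlob:  # hypothetical identify-only module: knows the shape, cannot test keys
    name = "loose_blob"
    def identify(self, product):
        return re.fullmatch(r"[\w.=+/-]+", product) is not None
    def check_secret(self, product):
        return None

class SignedToken:  # hypothetical module that can confirm a known signing key
    name = "signed_token"
    def identify(self, product):
        return re.fullmatch(r"[\w=+/-]+\.[0-9a-f]{64}", product) is not None
    def check_secret(self, product):
        if not self.identify(product):
            return None
        payload, sig = product.rsplit(".", 1)
        return next((k.decode() for k in WEAK_KEYS
                     if hmac.compare_digest(sign(payload, k), sig)), None)

MODULES = [LooseBlob(), SignedToken()]  # the identify-only module runs first

def first_match_scan(product):  # behaviour described in the issue: stop at first report
    for m in MODULES:
        secret = m.check_secret(product)
        if secret is not None:
            return {"type": "SecretFound", "module": m.name, "secret": secret}
        if m.identify(product):
            return {"type": "IdentifyOnly", "module": m.name}

def list_scan(product):  # run every module; confirmed secrets first, then identify-only
    found, identified = [], []
    for m in MODULES:
        secret = m.check_secret(product)
        if secret is not None:
            found.append({"type": "SecretFound", "module": m.name, "secret": secret})
        elif m.identify(product):
            identified.append({"type": "IdentifyOnly", "module": m.name})
    return found + identified

# Constructed tokens: same payload, signed with a listed key and an unlisted one.
SAMPLE_WEAK = "dXNlcj1hbGljZQ==." + sign("dXNlcj1hbGljZQ==", b"changeme")
SAMPLE_UNKNOWN = "dXNlcj1hbGljZQ==." + sign("dXNlcj1hbGljZQ==", b"constructed-unknown-key")
```

A regression test for the fix can assert that the list form contains the confirmed finding even when an identify-only module is ordered ahead of it.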