sslscan icon indicating copy to clipboard operation
sslscan copied to clipboard

Published 20 hours ago verified publisher icon rbsec

false positive's heartbleed

Open anantshri opened this issue 8 years ago • 4 comments

This is regarding the heartbleed checks.

I have had both false positives and false negatives on these from a long time and this doesn't seems to be reliable at all. Same site which is vulnerable to heartbleed get detected as vulnerable in some scan's but multiple parallel scan's result in false negative marking it as non-vulnerable. inverse also hold true to confirmed non vulnerable code (read ssl on IIS :P )

Not sure having this check which is not reliable as a default is serving much purpose. I propose moving this to optional check's and not making it a mandatory / default scan options.

anantshri avatar Dec 25 '16 13:12 anantshri

Also experiencing this issue.

vincentcox-work avatar Jun 26 '17 12:06 vincentcox-work

Is the issue reproductible ? ie the false-positive always go on on some sites ?

jedai47 avatar May 11 '22 13:05 jedai47

I also have the same issue. I can't disclose the service URL as it's only running internally and I signed an NDA.

For me sslscan-win-2.0.13>sslscan.exe and sslscan-2.0.15>sslscan.exe report:

Heartbleed:
TLSv1.3 vulnerable to heartbleed
TLSv1.2 vulnerable to heartbleed

While other tools (sslyze, Burp Suite HeartBleed Extension) report the service isn't vulnerable to Heartbleed.

The behavior is also reproducible, but does it works as expected for domains such as example.com.

edit: I just noticed, the issue is from 2016, so I assume this is some weird edge-case.

BreakfastSerial avatar Sep 09 '22 09:09 BreakfastSerial