Lately, I've switched to Debian (just mentioning it, but should not be related) and noticed increase in false positives via using the tool. The false positives are for multiple instances of different services:
heroku
github
azurewebsites
trafficamanger
It seems like its detecting the vulnerable CNAME and skipping the string check.
Lately, I've switched to Debian (just mentioning it, but should not be related) and noticed increase in false positives via using the tool. The false positives are for multiple instances of different services:
It seems like its detecting the vulnerable CNAME and skipping the string check.