irsdl / IIS-ShortName-Scanner

latest version of scanners for IIS short filename (8.3) disclosure vulnerability

False positives with cisco web panel. #14

Closed clviper closed 7 years ago

clviper commented 8 years ago

Hi there.

I detected a wrong behavior where shortname scanner reports the asset as vulnerable.

In this case it was a Cisco web panel with basic authentication. I did know it was a Cisco at that time. But this may cause false positives even when it is an IIS with basic authentication.

In the case of HTTP code 401 in all methods, I guess the scanner should mark the asset as not vulnerable and indicate the URL is protected with authentication.

irsdl commented 7 years ago

If the scanner accepts different responses then it will raise it as vulnerable. If it only receives 401 responses, it does not raise it as an issue. Additionally, this tool should only be used against IIS.
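The decision logic both comments describe (differing responses mean a finding; nothing but 401 means the target is behind authentication and is not a finding), written as an added example that is not the project's code. The status codes are constructed sample data; the probe shapes and the `classify` function are assumptions for illustration.

```python
"""Verdict logic for an IIS 8.3 short-name probe, modelled on the thread above.

The scanner sends a pair of requests per HTTP method: one whose wildcard
pattern could match an existing short name (e.g. /a*~1*/.aspx) and one that
cannot (e.g. /1234567890*~1*/.aspx). A leak shows up as the two being answered
differently. Anything answered only with 401 never reached the application,
so it must not be reported as a finding.
"""
from typing import Dict, Tuple

# method -> (status for the "may match" probe, status for the "cannot match" probe)
Probes = Dict[str, Tuple[int, int]]


def classify(probes: Probes) -> str:
    """Return 'protected', 'vulnerable' or 'not vulnerable' for one target."""
    if not probes:
        raise ValueError("no probe results")
    statuses = {code for pair in probes.values() for code in pair}
    # Every response is 401: the URL is behind authentication (the Cisco
    # panel case). The differential test is inconclusive, not positive.
    if statuses == {401}:
        return "protected"
    # A method where one probe is rejected by auth and the other is not
    # says nothing about short names either; exclude it from the comparison.
    comparable = {m: p for m, p in probes.items() if 401 not in p}
    differing = [m for m, (hit, miss) in comparable.items() if hit != miss]
    return "vulnerable" if differing else "not vulnerable"


if __name__ == "__main__":
    # Constructed sample results, not captured traffic.
    cisco_panel = {"GET": (401, 401), "OPTIONS": (401, 401), "DEBUG": (401, 401)}
    leaky_iis = {"GET": (404, 400), "OPTIONS": (404, 400)}
    patched_iis = {"GET": (404, 404), "OPTIONS": (200, 200)}
    for name, probes in [("cisco_panel", cisco_panel), ("leaky_iis", leaky_iis),
                         ("patched_iis", patched_iis)]:
        print(f"{name}: {classify(probes)}")
```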