Open anantshri opened 7 years ago
Also experiencing this issue.
Is the issue reproducible? I.e., does the false positive always occur on some sites?
I also have the same issue. I can't disclose the service URL as it's only running internally and I signed an NDA.
For me sslscan-win-2.0.13>sslscan.exe
and sslscan-2.0.15>sslscan.exe
report:
Heartbleed:
TLSv1.3 vulnerable to heartbleed
TLSv1.2 vulnerable to heartbleed
While other tools (sslyze, Burp Suite HeartBleed Extension) report the service isn't vulnerable to Heartbleed.
The behavior is also reproducible, but it does work as expected for domains such as example.com.
edit: I just noticed, the issue is from 2016, so I assume this is some weird edge-case.
Same here. Running it dozens of times on the same target, it will eventually show it as vulnerable. But the heartbeat extension is not even present.
This is regarding the heartbleed checks.
I have had both false positives and false negatives on these for a long time, and this doesn't seem to be reliable at all. The same site which is vulnerable to Heartbleed gets detected as vulnerable in some scans, but multiple parallel scans result in a false negative, marking it as non-vulnerable. The inverse also holds true for confirmed non-vulnerable code (read: SSL on IIS :P).
Not sure having this check, which is not reliable, as a default is serving much purpose. I propose moving this to the optional checks and not making it a mandatory/default scan option.