trustedsec / cve-2019-19781

This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.

TLS/SSL failure not checked thoroughly #20

Closed bmanbdaman closed 4 years ago

bmanbdaman commented 4 years ago

There is no cipher result check when a system fails TLS/SSL negotiation, for example. It creates a false positive, as Python gets an error and your check shows "did not respond". We were comparing the results of this with some other scanning tools and noticed the difference. A real error like TLSv1 shows "bad handshake ... unsupported protocol". I am not into Python, so I don't know if there is an option to force renegotiation/downgrade, or if the error response should include "server responded with invalid ssl".
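
The failure mode described in this report (a TLS handshake error being reported as "did not respond") comes from catching every exception in one branch. The following is an added example, not code from the trustedsec tool, showing how a scanner can separate a handshake failure from a timeout or a closed port, and how to retry with an older minimum TLS version when the server only speaks a legacy protocol. The function names (`classify_exception`, `probe_tls`, `probe_with_fallback`), the status strings, and the `SAMPLE_FAILURES` exceptions are all assumptions constructed for this example.

```python
"""Distinguish a TLS handshake failure from a host that did not respond.

Added example (not the trustedsec tool's own code). Exceptions raised while
connecting or handshaking are mapped to distinct statuses instead of a
single "did not respond" result.
"""
from __future__ import annotations

import re
import socket
import ssl
from dataclasses import dataclass


@dataclass
class ProbeResult:
    host: str
    port: int
    status: str       # tls_ok / tls_ok_legacy / tls_handshake_failed / timeout / connection_refused / connect_error
    detail: str = ""  # OpenSSL reason code, negotiated version, or errno text


def _ssl_reason(exc: ssl.SSLError) -> str:
    """Return the OpenSSL reason code, e.g. UNSUPPORTED_PROTOCOL.

    Errors raised by OpenSSL carry a .reason attribute; errors built by hand
    (or on older builds) only carry it in the message, so fall back to parsing
    the "[SSL: REASON]" prefix.
    """
    reason = getattr(exc, "reason", None)
    if reason:
        return reason
    match = re.search(r"\[SSL: ([A-Z0-9_]+)\]", str(exc))
    return match.group(1) if match else str(exc)


def classify_exception(exc: BaseException) -> tuple[str, str]:
    """Map an exception from connect/handshake to (status, detail).

    Order matters: ssl.SSLError, socket.timeout and ConnectionRefusedError are
    all subclasses of OSError, so the specific classes are checked first.
    """
    if isinstance(exc, ssl.SSLError):
        return "tls_handshake_failed", _ssl_reason(exc)
    if isinstance(exc, socket.timeout):
        return "timeout", "no response within the timeout"
    if isinstance(exc, ConnectionRefusedError):
        return "connection_refused", exc.strerror or "connection refused"
    if isinstance(exc, OSError):
        return "connect_error", exc.strerror or str(exc)
    return "unknown_error", repr(exc)


def probe_tls(host: str, port: int = 443, timeout: float = 5.0,
              min_version: ssl.TLSVersion = ssl.TLSVersion.TLSv1_2) -> ProbeResult:
    """Attempt one TLS handshake and report why it failed, if it did."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # a scanner only cares whether the handshake completes,
    ctx.verify_mode = ssl.CERT_NONE     # not whether the certificate chains to a trusted CA
    ctx.minimum_version = min_version
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return ProbeResult(host, port, "tls_ok", tls.version() or "")
    except Exception as exc:  # noqa: BLE001 - every failure is classified below
        status, detail = classify_exception(exc)
        return ProbeResult(host, port, status, detail)


def probe_with_fallback(host: str, port: int = 443, timeout: float = 5.0) -> ProbeResult:
    """Retry once with TLS 1.0 allowed when the server rejects the modern policy.

    A server that only speaks TLSv1 fails the first attempt with a protocol
    reason code; the retry turns that into "tls_ok_legacy" instead of an error.
    Note: OpenSSL builds with a high security level may still refuse TLS 1.0.
    """
    first = probe_tls(host, port, timeout)
    if first.status == "tls_handshake_failed" and "PROTOCOL" in first.detail:
        second = probe_tls(host, port, timeout, min_version=ssl.TLSVersion.TLSv1)
        if second.status == "tls_ok":
            second.status = "tls_ok_legacy"
        return second
    return first


# Constructed sample exceptions (not captured from a real scan) that mirror
# what socket.create_connection / wrap_socket raise in each situation.
SAMPLE_FAILURES: dict[str, BaseException] = {
    "legacy_tls_only": ssl.SSLError(1, "[SSL: UNSUPPORTED_PROTOCOL] unsupported protocol (_ssl.c:1000)"),
    "host_silent": socket.timeout("timed out"),
    "port_closed": ConnectionRefusedError(111, "Connection refused"),
    "no_route": OSError(113, "No route to host"),
}


def classify_samples() -> dict[str, str]:
    """Status for each constructed sample; shows the four cases stay distinct."""
    return {name: classify_exception(exc)[0] for name, exc in SAMPLE_FAILURES.items()}


if __name__ == "__main__":
    for name, status in classify_samples().items():
        print(f"{name:16s} -> {status}")
    # Live use: print(probe_with_fallback("citrix-gateway.example.test"))
```

In the tool's reporting loop the `ProbeResult.status` is what should drive the output line: only `timeout`, `connection_refused` and `connect_error` justify "did not respond", while `tls_handshake_failed` should be printed with its reason code so a TLSv1-only appliance is not mistaken for a dead host.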

trustedsec commented 4 years ago

Added a commit to reflect this; thanks for sharing.