Merge pull request #1449 from drwetter/pr_1070
Reimplement mitigation check (renegotiation->node.js)
This commit is contained in:
commit
520a4fbf75
24
testssl.sh
24
testssl.sh
|
@ -14407,12 +14407,28 @@ run_renego() {
|
||||||
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
echo R | $OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||||
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
sec_client_renego=$? # 0=client is renegotiating & doesn't return an error --> vuln!
|
||||||
case "$sec_client_renego" in
|
case "$sec_client_renego" in
|
||||||
0) if [[ $SERVICE == HTTP ]]; then
|
0) # We try again if server is HTTP. This could be either a node.js server or something else.
|
||||||
pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
# node.js has a mitigation which allows 3x R and then blocks. So we test 4x
|
||||||
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
# This way we save a couple seconds as we weeded out the ones which are more robust
|
||||||
else
|
if [[ $SERVICE != HTTP ]]; then
|
||||||
pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
|
pr_svrty_medium "VULNERABLE (NOT ok)"; outln ", potential DoS threat"
|
||||||
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
|
fileout "$jsonID" "MEDIUM" "VULNERABLE, potential DoS threat" "$cve" "$cwe" "$hint"
|
||||||
|
else
|
||||||
|
(for i in {1..4}; do echo R; sleep 1; done) | \
|
||||||
|
$OPENSSL s_client $(s_client_options "$proto $legacycmd $STARTTLS $BUGS -msg -connect $NODEIP:$PORT $PROXY") >$TMPFILE 2>>$ERRFILE
|
||||||
|
case $? in
|
||||||
|
0) pr_svrty_high "VULNERABLE (NOT ok)"; outln ", DoS threat"
|
||||||
|
fileout "$jsonID" "HIGH" "VULNERABLE, DoS threat" "$cve" "$cwe" "$hint"
|
||||||
|
;;
|
||||||
|
1) pr_svrty_good "not vulnerable (OK)"
|
||||||
|
outln " -- mitigated"
|
||||||
|
fileout "$jsonID" "OK" "not vulnerable, mitigated" "$cve" "$cwe"
|
||||||
|
;;
|
||||||
|
*) prln_warning "FIXME (bug): $sec_client_renego (4 tries)"
|
||||||
|
fileout "$jsonID" "DEBUG" "FIXME (bug 4 tries) $sec_client_renego" "$cve" "$cwe"
|
||||||
|
ret=1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
fi
|
fi
|
||||||
;;
|
;;
|
||||||
1)
|
1)
|
||||||
|
|
Loading…
Reference in New Issue