Merge pull request #1966 from drwetter/no_starttls

Add CVEs for No-STARTTLS vulnerability
Dirk Wetter 2021-08-08 21:33:14 +02:00 committed by GitHub
commit f15da8d15d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23


@ -18317,14 +18317,15 @@ run_tls_truncation() {
: :
} }
# see https://nostarttls.secvuln.info/
#
run_starttls_injection() { run_starttls_injection() {
local uds="" local uds=""
local openssl_bin="" local openssl_bin=""
local -i socat_pid local -i socat_pid
local -i openssl_pid local -i openssl_pid
local vuln=false local vuln=false
local cve="" local cve="CVE-2011-0411 CVE-2021-38084 CVE-2021-33515 CVE-2020-15955 CVE-2021-37844 CVE-2021-37845 CVE-2021-37846 CVE-2020-29548 CVE-2020-15955 CVE-2020-29547"
local cwe="CWE-74" local cwe="CWE-74"
local hint="" local hint=""
local jsonID="starttls_injection" local jsonID="starttls_injection"
@ -18336,7 +18337,7 @@ run_starttls_injection() {
pr_headlineln " Checking for STARTTLS injection " pr_headlineln " Checking for STARTTLS injection "
outln outln
fi fi
pr_bold " STARTTLS injection" ; out " (experimental) " pr_bold " STARTTLS injection" ; out " (CVE-2011-0411, exp.) "
# We'll do a soft fail here, also no warning, as I do not expect to have everybody have socat installed # We'll do a soft fail here, also no warning, as I do not expect to have everybody have socat installed
if [[ -z "$SOCAT" ]]; then if [[ -z "$SOCAT" ]]; then