Reduces false-positives by treating 404 as a failed authentication

2025-12-25 00:49:01 +00:00 · 2016-08-30 16:12:30 +00:00
parent bacf620fed
commit 3ea1cdf460
1 changed files with 4 additions and 4 deletions
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -37,10 +37,10 @@ local have_openssl, openssl = pcall(require, 'openssl')
 local function try_http_basic_login(host, port, path, user, pass, digest_auth)
  local credentials = {username = user, password = pass, digest = digest_auth}
  local req = http.get(host, port, path, {no_cache=true, auth=credentials, redirect_ok = false})
-  if req.status and req.status ~= 401 and req.status ~= 403 then
-    return true
-  end
-  return false
+  return req.status
+         and req.status ~= 401
+         and req.status ~= 403
+         and req.status ~= 404
 end

 ---