From 4097f390900567e978b3b8aa233764d4e8572d1c Mon Sep 17 00:00:00 2001
From: nnposter <nnposter@e0a8ed71-7df4-0310-8962-fdc924857419>
Date: Wed, 4 Mar 2020 20:58:49 +0000
Subject: [PATCH] Do not treat HTTP 400 as login success. Closes #1942

---
 nselib/data/http-default-accounts-fingerprints.lua | 1 +
 1 file changed, 1 insertion(+)

diff --git a/nselib/data/http-default-accounts-fingerprints.lua b/nselib/data/http-default-accounts-fingerprints.lua
index a3bc874b4..ba61ba43c 100644
--- a/nselib/data/http-default-accounts-fingerprints.lua
+++ b/nselib/data/http-default-accounts-fingerprints.lua
@@ -73,6 +73,7 @@ local function try_http_basic_login(host, port, path, user, pass, digest_auth)
   local credentials = {username = user, password = pass, digest = digest_auth}
   local resp = http_get_simple(host, port, path, {auth=credentials})
   return resp.status
+         and resp.status ~= 400
          and resp.status ~= 401
          and resp.status ~= 403
          and resp.status ~= 404