mirror of https://github.com/nmap/nmap.git synced 2026-02-03 03:59:02 +00:00

Fix digest auth when algorithm is 'md5'. Closes #1209

dmiller
2018-05-14 21:29:36 +00:00
parent 48ace808f6
commit 670e24ddb7
3 changed files with 5 additions and 2 deletions


@@ -1,5 +1,8 @@
#Nmap Changelog ($Id$); -*-text-*-
o [NSE][GH#1209] Fix SIP, SASL, and HTTP Digest authentication when the algorithm
contains lowercase characters. [Jeswin Mathai]
o [GH#1204] Nmap could be fooled into ignoring TCP response packets if they
used an unknown TCP Option, which would misalign the validation, causing it
to fail. [Clément Notin, Daniel Miller]


@@ -127,7 +127,7 @@ if HAVE_SSL then
qop .. ":" .. A2))
local b1
if not self.challnvs.algorithm or self.challnvs.algorithm == "MD5" then
if not self.challnvs.algorithm or self.challnvs.algorithm:upper() == "MD5" then
b1 = stdnse.tohex(openssl.md5(self.username..":"..(self.challnvs.realm or "")..":"..self.password))
else
b1 = A1
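Review bot: The `else` branch here still accepts every algorithm value that is not MD5, so an unrecognised or malformed token sent by the server silently gets `b1 = A1` instead of being rejected or logged. Now that the comparison is case-insensitive, a comment above the test would record the intended contract, for example `-- algorithm is matched case-insensitively; a missing value is treated as MD5`. If only one other algorithm is actually supported, an explicit `elseif` for it, with a final `else` that fails, would keep a hostile or broken challenge from producing an unexpected response. A1 is computed outside the hunk and the enclosing function starts and ends outside it, so what the fallback value means is inferred.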


@@ -804,7 +804,7 @@ SipAuth = {
assert(self.uri, "SipAuth: No uri specified")
local result
if ( self.algorithm == "MD5" ) then
if ( self.algorithm:upper() == "MD5" ) then
local HA1 = select(2, bin.unpack("H16", openssl.md5(self.username .. ":" .. self.realm .. ":" .. self.password)))
local HA2 = select(2, bin.unpack("H16", openssl.md5(self.method .. ":" .. self.uri)))
result = openssl.md5(HA1:lower() .. ":" .. self.nonce ..":" .. HA2:lower())
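Review bot: `self.algorithm:upper()` raises an "attempt to index a nil value" error when `self.algorithm` is unset, whereas the old `self.algorithm == "MD5"` simply evaluated to false. The other Digest hunk in this commit guards that case with `not self.challnvs.algorithm or ...`, but this one does not. If a server challenge can omit the algorithm parameter (the parsing is outside the hunk, so this is inferred), a remote peer could abort the script with a bare challenge. Either default it the way the other hunk does, `if ( (self.algorithm or "MD5"):upper() == "MD5" ) then`, or add an assert alongside the existing ones, `assert(self.algorithm, "SipAuth: No algorithm specified")`. The enclosing function starts and ends outside the hunk.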