Improved
- Server Configuration Module. We reduced false negatives in the Server Configuration module.
- OOB Log4Shell JNDI Injection. We enhanced Out of Band Log4Shell JNDI Injection to attack user-agent headers.
- Updated severity. We updated the severity of the "Credentials stored in clear text in a cookie" finding. Usernames found now raise a low severity. Passwords found now raise a high severity.
- Deprecated SQL injection attacks. We have turned off deprecated DBI18 and DBI19 SQL injection attacks by default.
- Search fields. We improved the way the engine interacts with search fields to reduce false positives returned.
- BlindSQL injection attack module. Content length is no longer treated as proof by the BlindSQL injection attack module.
- Selenium ChromeDriver. We upgraded Selenium ChromeDriver to 109.0.5414.74.
Fixed
- We fixed issues with the branding tool.
- The correct error message now displays when a macro fails.
- We fixed an issue where an empty string was used for a SQL Injection attack.
- The findings summary graph now shows the correct severities with validation scans.
- We fixed an issue where bootstrap authentication failed via REST API.