Geoff Humes wrote:
> This snmp object .1.3.6.1.4.1.11.2.3.9.1.1.13.0 is for the embedded web
> server (ews) password - I've written a plugin for our internal use that
> I've included here. I know it's not the cleanest, but it works.
>
Yep. Works also here:
$ sudo nasl -t XXXXX snmp_hpJetDirectEWS.nasl
There is no password assigned.
> First, it checks for a few web pages - one that _is_ available on the
> new version of ews (always responds no password - false positive), and
> then for the root page to make sure that the ews is enabled and is the
> old version (read:vulnerable).
>
(...)
It would be nice if you added this (from Reanud's):
community = get_kb_item("SNMP/community");
if(!community)community = "internal";
Instead of always using internal. Also Reanud's script provides more
tidbits of information (but no URLs, which I did include in the Bug
Report) which would be great there.
Javi
This archive was generated by hypermail 2b30 : Wed Mar 05 2003 - 00:54:00 PST