From: Erin Carroll (amoeba@amoebazone.com)
Date: Mon Jul 18 2005 - 19:19:55 EDT
I recently rejected the below submission to the list as it was more
appropriate for Tenable's nessus list rather than pen-test but I wanted to
submit it with an addendum to bring up a topic which I would love to see
discussed: How do list members deal with rooting out false positives? When
do you have "enough" feedback in pen-testing a possible vunerability before
putting something in the false positive column?
5 years ago certain vulnerabilities would have been beyond my skill level at
the time to assess and verify correctly. I'm sure there are things now that
fall into that area as well. What methods do you guys use to minimize that
situation from occuring?
> -----Original Message-----
> From: darkslaker [mailto:darkslaker.secure@gmail.com]
> Sent: Monday, July 18, 2005 2:48 PM
> To: pen-test@securityfocus.com
> Subject: Help with MYSQL
>
> In my last PT , nessus detect
>
> Your MySQL database is not password protected.
>
> Anyone can connect to it and do whatever he wants to your
> data (deleting a database, adding bogus entries, ...) We
> could collect the list of databases installed on the remote host :
>
> i couldnīt connect with the Server. I think is a False
> Positive. But i not sure in this case.
>
> I tray to connect with perl , php , mysql and mysqldump.
>
> Anyone have information about this.
>
>
> DarkSlaker
>
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:35 EDT