Home
/
Documentation
/
v23.2.0
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
22 Feb 2023

v23.2.0

Version information: 23.2.0.39705

New security checks

  • Added JWT Forgery through Kid by using static files.
  • Added the JSON Web Tokens detected check.

Improvements

  • Improved the default browser settings to be reflected in the business logic recorder (BLR).
  • Improved the JWT Finder Regex in the JWT engine.
  • Extended excluded header names with new headers.
  • Updated JWT Forgery check condition.
  • Improved the JSON Web Tokens' vulnerability detection logic.
  • Added the link scope check for the user-controllable cookie vulnerability.

Fixes

  • Fixed an issue that caused unhandled exceptions when there is no service endpoint definition in the WSDL file.
  • Fixed "file in use error" while archiving scan logs.
  • Fixed the OAuth 2.0 authentication problem caused by the failure to get code information and certification validation in out-of-scope links.
  • Fixed missing cookies for the JSON Web Tokens attack requests.
  • Fixed the vulnerability family issue that caused the Hawk not to detect issues.
  • Fixed the vulnerability serialization issue that caused the out-of-memory error.