Invicti Standard 17 Jan 2023 v23-1-0

Improvements

  • Added control for login and logout during vulnerability retest.
  • Added auto responder for images to escape the onerror issue.

Fixes

  • Fixed an issue that overrode the TLS settings available in the scan policy when Ignore SSL Certificate Errors is set to True in the Appsetting.json file.
  • Fixed a bug that threw a null reference exception during authentication.
  • Fixed missing CSP 3 Directive.
  • Fixed an issue with 3-legged OAuth that caused authentication to fail during scans.
  • Fixed an issue where scheduled scans were not exported to Invicti Enterprise.
  • Fixed a header encoding issue that caused false-positive CSP reporting.
  • Fixed a bug on the Interactive Login page where the Ok and Pause buttons were not available.
  • Fixed case sensitivity when checking HTTP headers for JSON Web Tokens.
  • Fixed the IPv6 registered website resolution issue thrown before scanning.
  • Improved the vulnerability database updating process to enable it to use a proxy.
  • Fixed a bug that prevented the scanner from attacking login and logout pages.
  • Fixed the bug in which OAuth2 settings were not transferred properly from the web application to the agent.