Defensics ICMPv6 Test Issue

Zachary Jen

Hi guys,

I am a newbie in this forum.
Recently, I got a failed report from the Defensics ICMPv6 test.
Defensics is a tool to discover and to remediate security weaknesses in software.
It reports that “authentication-bypass occurred when doing ICMPv6.SEND.Neighbor-solicitation test.”

The base test method is:
1) Send an ICMPv6 packet with errors (refer to Send2DUT.pcap in the zip file)
2) Examine what the DUT sends back

The Defensics utility indicates an authentication-bypass occurred because an unexpected packet is sent back (refer to GetFromDUT.pcap in the zip file).

It is against CWE-287.

May I know whether the action is reasonable? Or did a careless case indeed happen?

My kernel version is 3.14.17.
The newer version also seems to have the same symptom.



