v23.9.1 - 28 Sep 2023
Version 23.9.1 includes three new features and some new security checks. As always, there are many improvements and bug fixes.
New features
- Added new options to the dashboard for selecting date ranges, including creating custom time periods
- Added a notification to the scan results page to show the VDB update version and Invicti Hawk connectivity status for the agent used in the scan.
- Added a sensitive data (password, session cookie, token, etc.) encoder
New security checks
- Added JQuery placeholder detection methods
- Added a new security check for the Missing X-Content-Type-Options vulnerability
Improvements
- Improved the JS Delivery CDN disclosure check to increase stability
- Improved the remediation part for the Weak Ciphers Enabled vulnerability
- Reduced the certainty value to 90 for the Robot Attack Detected vulnerability
- Improved the detection method for CSP
- Improved the detection method for the Dockerignore File Detected vulnerability
- Improved the detection method for the Docker Cloud Stack File Detected vulnerability
Fixes
- Fixed an issue with imported links in the API
- Fixed a bug in the scan URL rewrite rules
- Fixed a bug that was preventing retest scans from starting correctly when the vulnerability states were changed from ‘Reviewed’ to ‘Fixed (Unconfirmed)’
- Fixed a bug with disabling the scheduled scans list
- Fixed an issue with viewing the Account Edit page
- Added the missing CVE to the issue details for the “Out-of-date Version (jQuery Validation)” vulnerability
- Fixed some bugs that were affecting BLR
- Encrypted proxy password details when used in the Agent
- Fixed a custom proxy bypass list issue
- Fixed a unique analyzer bug for the WSDL importer
- Improved our XSS capabilities
- Fixed an NTLM login issue