Added support for highlighting input elements that are used to send passwords over query strings
Improved rendering performance of the Knowledge Base’s Comments page when there are too many comments
More commands are executed in the Code Evaluation exploitation to generate proofs
Improved Out of Band SSTI attack payloads
Added automatic selection in the Form Authentication dialog when all fields are filled in
Added case sensitive search for Raw Response viewer
Added an overlay, displayed while longer scans are being imported, to block user activity and show progress
Added Show/Hide Password button in Form Authentication settings
Added an information dialog displayed when a scan is finished and Invicti window is in the background
Improved highlight function for detected JavaScript libraries
Improved reports to display the product version on which the Scan is performed
Improved the HTTP Request Builder panel to display generic headers
Manuscript has been renamed to FogBugz
Scan Profile, Scan Policy and Report Policy comboboxes are disabled when the Scan is finished
Improved RFI confirmation for URL Rewrite parameters
Improved adding Out of Date Information Database information to the Site Profile
Improved signatures of Nginx Version Disclosure patterns
Optimized the attack speed of XSS and LFI engines
The Concurrent Connection slider in the Scan Policy Editor has been changed to Request Per Second to comply with new scan performance improvements
Added a piece of extra information to Out-of-date vulnerability templates to explain the vulnerability reason
Security Checks search has been improved in the Scan Policy Editor by tagging the SSL/TLS related security checks
Cookie checks will analyze session cookie names to detect platform-specific default session names
Missing HIPAA classifications in Insecure Transportation Security Protocol Supported Default Report Policy templates have been added
Stored XSS and Insecure Frame Default Report Policy vulnerability descriptions have been improved
Phishing by Navigating Browser Tabs Default Report Policy vulnerability description has been improved
Added Jira Account ID field for Jira Send To Action to assign issues to a user, as the Jira API will not accept usernames after 29 April 2019
FIXES
Fixed failing VDB update when multiple instances were running
Fixed the incorrect URLs that were added during the DOM simulation for forms without action attributes
Fixed the issues where extra vulnerabilities were added to the Sitemap during a Retest All
Fixed the issue where the SameSite cookie vulnerability was reported for cookies that were missing Lax or Strict attributes
Fixed an issue where JavaScript file parsing was taking longer than expected on some occasions
Fixed an issue where URL Rewrite Rules copied from the Knowledge Base could not be pasted in the URL Rewrite settings
Fixed an issue where JavaScript file parsing might take longer than expected on some occasions
Fixed a NullReferenceException that was thrown while saving the layout of panes
Fixed an ObjectDisposedException that was thrown when cancelling a Retest
Fixed the Listening Port so that it is no longer set for the next Manual Crawl
Fixed the issue where Finished Scans were displayed with a Paused Scan icon
Fixed the issue where the Fixed notice text was missing for fixed vulnerabilities
Fixed the issue where the incorrect severity was reported for the Cookie not Marked as Secure vulnerability of a non-session cookie
Fixed the incorrect order of the vulnerabilities in the Issues panel
Fixed the Trial License dialog that was popping up twice
Fixed the issue where data from a previous scan was displaying in the Activity panel
Fixed HTTP 400 errors raised by the ServiceNow Send To integration
Fixed an ObjectDisposedException that was thrown during Blind SQL Injection checks
Fixed an issue where the SSL client handshake code failed while trying to communicate with a specific server that used a different configuration
Fixed the issue where the status bar displayed the incorrect number of remaining trial days
Fixed the oversized icons displayed in the Logs panel caused when the screen DPI was set too high
Fixed the filtering issue in the Issues panel which caused new vulnerabilities discovered to be displayed even though they did not match the filter
Fixed the incorrect vulnerability count, caused by variations, that was displayed in the Status Bar
Fixed an UnauthorizedAccessException that was thrown while attempting to select restricted folders during the Export to Cloud process
Fixed an issue in the CSP engine where the ‘strict-dynamic’ directive was reported as an unsupported hash
Fixed the problem where the application was hanging on shutdown
Fixed missing Authentication cookies in the Knowledge Base
Fixed the incorrectly reported Nonce Detected Without Matching Script Block vulnerability
Fixed a DOM simulation issue where the element passed to the setTimeout function call was being ignored
Fixed a Retest issue where Out-of-Band SSTI vulnerabilities were marked as retestable
Fixed the issue where a tiny Validation Error icon was displayed on screens when the screen DPI was set too high
Fixed the issue where cookies were sent during the request for the Favicon image of the target URL
Fixed the handling of newline characters while rendering the Proof of Concept section of the Vulnerability details
Fixed the high DPI issues in the Bulk Export to Enterprise panel
Fixed the issue where the uninstall process was interrupted if an Invicti instance was still running
Fixed high DPI issues in the Local Scans panel during Import
Fixed a NullReferenceException that occurred while rendering Vulnerability Details
Fixed the issue where the Activity Viewer automatically scrolled to the top following updates to activities
Fixed the Knowledge Base Report’s header, where the image, title and severity level were overlapping
Fixed the issue where Internal Path Disclosure was reported on script and stylesheet files
Fixed an issue that caused a false-positive Insecure Reflected Content vulnerability to be reported
Fixed the issue where the CSRF engine did not highlight the vulnerable HTML form when the name and action were not specified
Fixed the issue where brute-force attacks were carried out regardless of the Authentication Type
Fixed an issue in the Request Builder where the POST parameters were removed after switching tabs
Fixed the issue where the LFI vulnerability confirmation patterns did not match the response returned from a Linux server
Fixed an issue in the Response Viewer tab where the selected text remained highlighted even after the search was cleared
Fixed the issue where vulnerability fields were not updated after a Retest
Fixed the value of the double-encoded null byte in the LFI and XSS attack patterns
Fixed an issue in the Swagger importer where the parameter declared on the path level was not recognized
Fixed an issue in the LFI engine where the confirmation payload was appended to the attack payload
Fixed an issue in the Request Builder where duplicate headers could be added because header names were treated as case-sensitive
Fixed the problem where the wrong error message was displayed when a file parameter was selected in the Request Builder
Fixed an unnecessary Header Warning dialog that popped up when the Edit Link button was clicked in the Request Builder
Fixed an issue where an imported link could be saved without correcting the errors in the Request form
Fixed an issue where links generated in Invicti attacks were added to the Sitemap
Fixed the value of the double-encoded null byte in the Header Injection pattern
Fixed the encoding of the % sign in the base64 payload in XSS attacks
Fixed the attack payload in the PHP Injection Fixed One Time Attack pattern
Fixed an issue where version numbers were not correctly displayed in the Affected Versions section of VDB vulnerabilities
Fixed an issue where the wrong importer format was selected by default in the Enter Links dialog
Fixed the selection issue in the filtered Security Checks of the Scan Policy panel
Fixed the encoding issue in the SQL Injection confirmation attack
Fixed the validation issue of the Send to Action configuration
Fixed the unnecessary node selection when the Expand/Collapse button was clicked on the Sitemap tree
Fixed the grouping issue on vulnerability variations and instances
Fixed HTTP method icons in the Sitemap
Fixed issues caused by language changes
Fixed the scrolling problem in the Vulnerability viewer
Fixed the confusion over which persona was used during Form Authentication verification
Fixed an order issue in the Sitemap tree
Fixed the incorrect variation count presentation issue in the Issues tree
Fixed the broken tab key in the Request Builder panel
Fixed the incorrect Remaining Day presentation in the License reminder
Fixed the issue where the Back button was clickable during the Bulk Export to Invicti Enterprise, causing the export to fail
Fixed the issue where an error was displayed instead of the Proof in Blind SQL injection attacks
Fixed the wrong proxy display after resetting settings to the default
Fixed a performance issue that occurred while exporting a large Scan to Invicti Enterprise
Fixed duplicate cookie names that were reported on a Cookie vulnerability
Fixed a high DPI issue in the message box
Fixed visual issues in the binary Response viewer
Fixed an issue where the DOM engine failed to restart on some occasions
Fixed an issue where Local/SessionStorage values were not persisting throughout the scan
Fixed an issue where Form Authentication sometimes failed while trying to log in to some websites built with React.js
Fixed a NullReferenceException that was sometimes thrown while saving Scan data
Fixed HTML form simulation for cases where the form did not have an element with the Submit type
Fixed HTML form simulation to take the Exclude by CSS Selector option into account to ignore required form elements
Fixed an issue where overriding the Unicode Replacement characters in binary and JavaScript files sometimes broke the files so that they did not execute
Fixed an issue where Invicti sometimes prevented Windows from shutting down while a Scan was running
Fixed an issue where NTLM Authentication was being ignored during Logout Detection
Fixed an issue where the cookies that were set in the JavaScript context during Form Authentication were not properly captured
Fixed an issue where the Max Simulated Elements option was causing the simulation to hang
Fixed an uncaught TypeError that was caused by the Max Option Elements checks and was causing the simulation to hang
Fixed an issue where Signature checks were adding false-positive Site Profile information to the Knowledge Base
Fixed an issue where ignored vulnerabilities were retested while performing an Incremental Scan
Fixed an issue where an incorrect “Subresource Integrity (SRI) Hash Invalid” vulnerability was reported because of hash miscalculation