AlienVault® USM Appliance™

Known False Positive Vulnerabilities in USM Appliance

Version: 5.x
Deployment: All deployments

Although AlienVault USM Appliance is not vulnerable, the vulnerability scanner included in USM Appliance will report the following vulnerabilities when scanning USM Appliance itself:

In the case of the former, you can use the following Perl script to verify that the MySQL server is not, in fact, vulnerable:

use IO::Socket;

# Disable output buffering
$|=1;

if ($#ARGV != 1)
{ print "Usage: mysqlenumerate.pl <target> <user>\n"; exit; }

$target = $ARGV[0];
$user = $ARGV[1];

unlink '/tmp/cracked';

# Connect to the MySQL server and read its greeting packet
my $sock = IO::Socket::INET->new(PeerAddr => $target,
                                 PeerPort => '3306',
                                 Proto => 'tcp')
    or die "Cannot connect to $target:3306: $!\n";
recv($sock, $buff, 1024, 0);

# Build the login packet for $user and prefix it with its length byte
$buf = "\x00\x00\x01\x8d\x00\x00\x00\x00$user\x00\x50".
       "\x4e\x5f\x51\x55\x45\x4d\x45\x00";
$buf = chr(length($buf)-3). $buf;
print $sock $buf;

# Read the server's reply
recv($sock, $buff, 1024, 0);
close($sock);

# The error message text starts at offset 7 of the reply
if (substr($buff, 7, 6) eq "Access")
{ print "\n[*] HIT! -- USER EXISTS: $user\@$target\n"; }

The script generates no output. You can check the connection with tcpdump, which shows the server reporting that the requested authentication protocol is not allowed:

127.0.0.1:3306 -> 127.0.0.1:57230 [AP]
g......Client does not support authentication protocol requested by server; consider upgrading MySQL client
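
To triage a captured reply without reading the bytes by eye, the following added example (not part of the original AlienVault documentation) decodes a MySQL error packet and reports which of the two outcomes described above it represents. The function names, result labels and sample packets are assumptions constructed for illustration; the error numbers 1045 and 1251 are MySQL's standard codes for "Access denied" and "Client does not support authentication protocol".

```python
import struct

# Server error numbers from MySQL's error list
ER_ACCESS_DENIED_ERROR = 1045      # "Access denied for user ..."
ER_NOT_SUPPORTED_AUTH_MODE = 1251  # "Client does not support authentication protocol ..."

def build_err(code, message, seq=2, sqlstate=None):
    """Construct an ERR packet for testing (sample data, not a capture)."""
    body = b"\xff" + struct.pack("<H", code)
    if sqlstate:                       # 4.1+ replies carry '#' + 5-char SQLSTATE
        body += b"#" + sqlstate.encode("ascii")
    body += message.encode("latin-1")
    return len(body).to_bytes(3, "little") + bytes([seq]) + body

def parse_err(packet):
    """Return (error_code, message) for an ERR packet, else None."""
    if len(packet) < 7:                # 4-byte header + 0xFF + 2-byte code
        return None
    length = int.from_bytes(packet[:3], "little")
    body = packet[4:4 + length]        # packet[3] is the sequence number
    if len(body) != length or length < 3 or body[0] != 0xFF:
        return None                    # truncated capture or not an ERR packet
    (code,) = struct.unpack_from("<H", body, 1)
    text = body[3:]
    if text[:1] == b"#" and len(text) >= 6:
        text = text[6:]                # skip the SQLSTATE marker and value
    return code, text.decode("latin-1")

def classify(packet):
    """Map a captured reply to the outcome the page describes."""
    parsed = parse_err(packet)
    if parsed is None:
        return "not-an-error-packet"
    code, _ = parsed
    if code == ER_NOT_SUPPORTED_AUTH_MODE:
        return "protocol-rejected"     # reply shown on the page; script stays silent
    if code == ER_ACCESS_DENIED_ERROR:
        return "access-denied"         # the reply the script's substr() test matches
    return "other-error"

# Constructed sample mirroring the reply text quoted above
SAMPLE = build_err(ER_NOT_SUPPORTED_AUTH_MODE,
    "Client does not support authentication protocol requested by server; "
    "consider upgrading MySQL client")

if __name__ == "__main__":
    print(classify(SAMPLE), parse_err(SAMPLE))
```

The constructed sample begins with the byte 0x67 ("g") followed by six non-printable bytes, matching the "g......" prefix in the capture above, and its message text starts at offset 7, the same offset the Perl script inspects.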