Home
/
Documentation
/
v24.3.1 – 28 March 2024
Invicti Product Release Notes
Invicti Enterprise On-Demand
Invicti Enterprise On-Premises
Invicti Standard
Invicti Application Security Platform
28 Mar 2024

v24.3.1 – 28 March 2024

New features

  • Provided a new encryption method of API Token for Agent/Verifier Agent
  • Added a pre-request script to generate AWS Signature token

New security checks

  • Added a new security check for TLS/SSL certificate key size too small issue
  • Improved WP Config detection over backup files
  • Added a new security check for CVE-2023-46805 / CVE-2024-21887
  • Added detection for exposed WordPress configuration files
  • Added a new Security Check that allows to report two vulnerabilities: TorchServe Management API Publicly Exposed and TorchServe Management API SSRF
  • Command Injection in VMware Aria Operations for Networks can now be detected

Improvements

  • Implemented enhancements: Highlighting and Verification of Response Status Codes
  • Disabled the BREACH Security Engine
  • Report template of Possible XSS is updated to cover mime sniffing
  • Increased the default Severity level of Version Disclosure (Varnish) from 'Information' to 'Low'

Fixes

  • Fixed the issue where the customer couldn't scan their target with the additional website properly
  • Fixed an issue that was causing a memory issue in Javascript Parser
  • Fixed the inability of the custom script editor to load the form authentication fields