HP WebInspect 10.30 Login Macro Issue

I have been using the login macro for a scheduled scan. 

I have found some issues with this. 

 

I have to do a weekly scan. So what I do is that I select rescan option. The web application changes its password ocassionally. For this, I open the login macro and change the value of password. 

 

But on many ocassions, while checking the scan steps, I observe that the old password was used instead of new password. This causes the application to lock due to wrong password. 

 

How can this problem be solved ? Doing a fresh scan solves this issue, but is there any other alternative ?

Tags:

  • First item, you should edit your Login Macro so that the credential fields are Parameters.  Once that is set, the Scan Wizard will display those special fields on the Authentication screen, and you have the option of inputting your latest credentials or not.  If you choose to not enter anything, the originally recorded values will be used.  The current TruClient WMR tool (WI 10.x) permits you to set any entry as a Parameter.  Older releases only permitted setting Usernames, Passwords, and Host Names as parameters, and that process was called "Smart Credentials" in those earlier releases.

     

    Second item, if you reuse the original scan settings via the Rescan button, all of those original settings will be used.  You would probably need to re-choose the Login Macro during the Scan Wizard, perhaps by opening the raw settings from "Advanced" or "Settings" button during the Scan Wizard.  If you do not re-choose the macro and select "the same one I just edited", then the original copy of that Macro stored inside of the scan settings is the one that will be used.  Despite the named macro file we see in the "Login Macro" field of the scan settings, it does not fetch that file in real-time, but absorbs a copy of it into the Current Scan Settings.

     

    Last, if you have done all of these items correctly and the wrong credentials are being played, please report that to Fortify Support for an investigation.  (support.fortify.com)