Land rapid7#7985, Fix bug in check_setup for bavision

jbarnett-r7 · jbarnett-r7 · commit d738b63fa638 · 2017-02-21T14:29:21.000-06:00
@wchen-r7 fix uncovered another bug in the logic for the check_setup return. This switches the return to the expected values. Fixes rapid7#7984
diff --git a/lib/metasploit/framework/login_scanner/bavision_cameras.rb b/lib/metasploit/framework/login_scanner/bavision_cameras.rb
@@ -14,13 +14,13 @@ class BavisionCameras < HTTP
 
         # Checks if the target is BAVision Camera's web server. The login module should call this.
         #
-        # @return [Boolean] TrueClass if target is SWG, otherwise FalseClass
+        # @return [String] Error message if target is not a BAVision camera, otherwise FalseClass
         def check_setup
           login_uri = normalize_uri("#{uri}")
           res = send_request({'uri'=> login_uri})
 
-          if res && res.headers['WWW-Authenticate'].match(/realm="IPCamera Login"/)
-            return true
+          unless res && res.headers['WWW-Authenticate'] && res.headers['WWW-Authenticate'].match(/realm="IPCamera Login"/)
+            return "Unable to locate \"realm=IPCamera Login\" in headers. (Is this really a BAVision camera?)"
           end
 
           false
