I have an issue where I’m running a scan but the scan fails to detect the vulnerable version of Dropbear SSH. It successfully detects Dropbear SSH as well as the version but does not appear to tie this back to the numerous CVEs for it.
Here is a screenshot showing the detection of Dropbear SSH
What Lukas means is whether you adjusted the QoD value for the results.
In your scan report head to the “Results” tab and in the top right corner there’s an “Edit Filter” button (a pencil hovering over a piece of paper).
Click it and change the value of QoD to 30. If there are still no results, please let us know.
Please note that lowering the QoD might show up results which are prone to false positives against products covered by so called “Backports”. Dropbear SSH is one of such products which is covered by such Backports in most larger Linux Distributions like Debian, Ubuntu, Fedora, CentOS, RHEL etc.