merproject (hadk, sdk) website security

asked 2017-09-12 23:20:20 +0300

path gravatar image

hadk & sdk instruct to download from (or build on) *, over http, and with no choice of checking signatures or md5 or sha sums. it gets even worse SSL Report: ( Assessed on: Mon, 11 Sep 2017 20:42:51 UTC

This server is vulnerable to the OpenSSL Padding Oracle vulnerability (CVE-2016 -2107) and insecure. Grade set to F. This server supports weak Diffie-Hellman (DH) key exchange parameters. Grade cap ped to B. This server accepts RC4 cipher, but only with older protocols. Grade capped to B

edit retag flag offensive close delete



You can always build locally, no need to use OBS...

juiceme ( 2017-09-13 15:51:22 +0300 )edit