Revision history [back]
 | 1 | initial version | posted 2015-01-03 16:04:53 +0300  |
caldav client vulnerable to SSL MITM attack
Using sslsniff/sslsplit it is possible to mount an SSL MITM attack using a self-signed, untrusted certificate to intercept traffic generated by a caldav account configured on a jolla device. This attack works again newly configured and existing caldav accounts using an https connection.
Tested on Sailfish OS 1.1.1.27 Vaarainjärvi.
| | 2 | No.2 Revision |
caldav client vulnerable to SSL MITM attack
Using sslsniff/sslsplit it is possible to mount an SSL MITM attack using a self-signed, untrusted certificate to intercept traffic generated by a caldav account configured on a jolla device. This attack works again newly configured and existing caldav accounts using an https connection.
It has already been publicly noted that self-signed certificates "just work" so I consider this issue publicly known.
Tested on Sailfish OS 1.1.1.27 Vaarainjärvi.
| | 3 | No.3 Revision |
caldav client vulnerable to SSL MITM attack
Using sslsniff/sslsplit it is possible to mount an SSL MITM attack using a self-signed, untrusted certificate to intercept traffic generated by a caldav account configured on a jolla device. This attack works again against newly configured and existing caldav accounts using an https connection.
It has already been publicly noted that self-signed certificates "just work" so I consider this issue publicly known.
Tested on Sailfish OS 1.1.1.27 Vaarainjärvi.