-
SDKs before 27 allow clear text (non-https) by default. This is a security vulnerability since the minimum SDK is 21.
Basically, it allows man-in-the-middle attacks.
**Steps to reproduce**:
1…
ryjen updated
10 hours ago
-
**Is your feature request related to a problem? Please describe.**
The current server protocol 0.5 is flawed in a way that a **bad** server can modify its packet to the way it likes before sending to…
-
Does the project implement the applet part?
-
Hey i tried ur fork and found out that if the fan is connected every feature is working fine.
But i had a lot of issues while connecting my two Fans.
The fans have a static ip and they were constant…
-
The repository performs integrity checks of the resources on a regular basis, in order to detect unauthorized changes or accidental damage.
We're not currently sure what to implement here (or how).
-
The application is configured with HTTP Strict Transport Security (HSTS), which is a robust security measure designed to enforce the use of HTTPS and protect against man-in-the-middle attacks. However…
-
Medium+ Vulnerabilities and their info
Description of high vulnerability:
CVSS score of 7.5
The remote host supports the use of SSL ciphers that offer medium strength encryption. Ness…
-
We are getting some security issues and one of them is as per title.
The call to dataTaskWithRequest:completionHandler:() in **FIRMessagingTokenDeleteOperation**.m on line 81 initiates an SSL/TLS c…
-
**Github username:** --
**Twitter username:** --
**Submission hash (on-chain):** 0x41fa70ee15ad9f5be6daf33aa22deea9e547fd94b231e4d5b0f327098deb502d
**Severity:** high
**Description:**
**Description*…
-
## Proposal
**Use case. Why is this important?**
Currently the Makefile pipes a download from curl directly to tar without verifying checksums.
This makes the build vulnerable to man in the middle…