search

dorianj / CoRD

CoRD is a Mac OS X remote desktop client for Microsoft Windows computers using the RDP protocol. It's easy to use, fast, and free for anyone to use or modify.
http://cord.sourceforge.net/
346 stars 135 forks source link

CoRD Insecure Update Mechanism #80

Closed iallison closed 8 years ago

iallison commented 8 years ago

It appears that CoRD uses an insecure update mechanism. In the CoRD /Applications/CoRD.app/Contents/Info.plist file the SUFeedURL is set to:

http://cord.sourceforge.net/sparkle.xml

This setting makes your application vulnerable to a Man-in-the-middle attack application updates.

Please update the SUFeedURL string to use https instead of http to mitigate this issue.

peelman commented 8 years ago

CoRD is deprecated and we encourage the move to other clients:

https://github.com/dorianj/CoRD/blob/master/README.md