Open CyberMew opened 2 years ago
I found a few problems with this issue:
@CyberMew Thanks for filing the issue. Would you mind file a ticket with the support team so we can follow up with more details on this? Mostly to get more information about the security issues on your team.
Thanks, have just sent in a support ticket.
@chliangGoogle the support said that "this wouldn’t be the specialized channel to address this inquiry" and redirected me to http://goo.gl/vulnz which I don't think is the correct place. Any advice?
I don't think that's the right place to address this issue. @rizafran can you help @CyberMew file an internal bug?
Any solution?
We are getting some security issues and one of them is as per title.
The call to dataTaskWithRequest:completionHandler:() in FIRMessagingTokenDeleteOperation.m on line 81 initiates an SSL/TLS connection using the default pre-loaded system Certificate Authorities (CAs) that might enable attackers to intercept encrypted communications by performing man-in-the-middle (MiTM) attacks using certificates signed with compromised root CAs.
Recommendations:
There are several possible solutions to reduce the level of trust on pre-loaded system certificates including:
Same goes for fetch The call to dataTaskWithRequest:completionHandler:() in FIRMessagingTokenFetchOperation.m on line 113 initiates an SSL/TLS connection using the default pre-loaded system Certificate Authorities (CAs) that might enable attackers to intercept encrypted communications by performing man-in-the-middle (MiTM) attacks using certificates signed with compromised root CAs.
Is this something we need to worry about?