Open CyberMew opened 2 years ago
google-oss-bot
commented
2 years ago I found a few problems with this issue:
charlotteliang
commented
2 years ago @CyberMew Thanks for filing the issue. Would you mind file a ticket with the support team so we can follow up with more details on this? Mostly to get more information about the security issues on your team.
CyberMew
commented
2 years ago Thanks, have just sent in a support ticket.
CyberMew
commented
2 years ago @chliangGoogle the support said that "this wouldn’t be the specialized channel to address this inquiry" and redirected me to http://goo.gl/vulnz which I don't think is the correct place. Any advice?
charlotteliang
commented
2 years ago I don't think that's the right place to address this issue. @rizafran can you help @CyberMew file an internal bug?
TusharSharma651
commented
2 months ago Any solution?
We are getting some security issues and one of them is as per title.
The call to dataTaskWithRequest:completionHandler:() in FIRMessagingTokenDeleteOperation.m on line 81 initiates an SSL/TLS connection using the default pre-loaded system Certificate Authorities (CAs) that might enable attackers to intercept encrypted communications by performing man-in-the-middle (MiTM) attacks using certificates signed with compromised root CAs.
Recommendations:
There are several possible solutions to reduce the level of trust on pre-loaded system certificates including:
Same goes for fetch The call to dataTaskWithRequest:completionHandler:() in FIRMessagingTokenFetchOperation.m on line 113 initiates an SSL/TLS connection using the default pre-loaded system Certificate Authorities (CAs) that might enable attackers to intercept encrypted communications by performing man-in-the-middle (MiTM) attacks using certificates signed with compromised root CAs.
Is this something we need to worry about?