cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Niek Heezemans (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CB-9014) Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
Date Wed, 13 May 2015 21:11:59 GMT

    [ https://issues.apache.org/jira/browse/CB-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14542732#comment-14542732
] 

Niek Heezemans commented on CB-9014:
------------------------------------

Shazron,

If neccessary please remove the issue and I'll send an Email with the steps for reproduction.
Thanks for the reply.

Met vriendelijke groet / Kind regards,

Niek Heezemans
Enterprise Mobility Consultant

Ringwade 1, 3439 LM Nieuwegein
Telefoon: +31(0)30 663 70 00<tel:+31(0)30%20663%2070%2000>
Mobiel: +31(0)61 076 12 19<tel:+31(0)61%20076%2012%2019>
niek.heezemans@clockwork.nl<mailto:niek.heezemans@clockwork.nl>

Clockwork wint Quli DIA award 2014 categorie Best Service
Ordina wint Computable Award voor beste ICT-Dienstverlener van 2014




On Wed, May 13, 2015 at 12:35 PM -0700, "Shazron Abdullah (JIRA)" <jira@apache.org<mailto:jira@apache.org>>
wrote:


    [ https://issues.apache.org/jira/browse/CB-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14542530#comment-14542530
]

Shazron Abdullah commented on CB-9014:
--------------------------------------

If this is a security issue, reports should be sent to security@cordova.apache.org instead,
with steps to ensure a reproduction, and for evaluation. This should never be reported in
a public issue tracker.

See: https://www.apache.org/security/committers.html

I'll leave this up until tonight until you can get to it (you should get an email anyway)
-- we can correspond privately at shazron (at) apache (dot) org for next steps if you have
more questions.






--
This message was sent by Atlassian JIRA
(v6.3.4#6332)


> Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
> ---------------------------------------------------------------
>
>                 Key: CB-9014
>                 URL: https://issues.apache.org/jira/browse/CB-9014
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: CordovaLib, iOS
>    Affects Versions: 3.8.0, 5.0.0
>         Environment: iPhone5s - iOS 8.3 / iPad4 iOS8.3
>            Reporter: Niek Heezemans
>              Labels: security
>             Fix For: 3.8.0, 5.0.0
>
>
> I manually added a Proxy (Burp Suite) to my Wifi Connection and let my App connect to
a server with a valid SSL certificate threw a jQuery Ajax call. Burp generates its own CA
certificate (Self Signed) but this is not detected by Cordova.
> I can read all the Requests and Responses to and from my secure server within Burp.
> This happens on both Debug as well as on the Enterprise Signed IPA.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message