On Thu, Jun 4, 2015 at 4:46 AM, dieter <d_werner@gmx.net> wrote:
Hi,
The login to bugzilla now forwards to https://login.microfocus.com FF warns that this page is not secure (missing identity data, partly not encrypted content, defect encryption).
"Mixed Content: The page at 'https://login.microfocus.com/nidp/app/login?id=26&sid=0&option=credential&sid=0' was loaded over HTTPS, but requested an insecure script 'http://www.novell.com/common/util/ipcheck/?v=1'. This request has been blocked; the content must be served over HTTPS."
Could this be used by an attacker to collect login data of contributors and then compromise the distribution?
Inlikely to occur. why would you bother trying to subvert this when there must be tons of other bugs easier to exploit ? ;-) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org