[opensuse-factory] bugzilla login insecure?
Hi, The login to bugzilla now forwards to https://login.microfocus.com FF warns that this page is not secure (missing identity data, partly not encrypted content, defect encryption). Could this be used by an attacker to collect login data of contributors and then compromise the distribution? Regards, Dieter -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, Jun 4, 2015 at 10:46 AM, dieter <d_werner@gmx.net> wrote:
Hi,
The login to bugzilla now forwards to https://login.microfocus.com FF warns that this page is not secure (missing identity data, partly not encrypted content, defect encryption).
I do not get this warning using Firefox ESR 31.7.0 on Windows. Although I'm behind a proxy so I cannot exclude MITM here.
Could this be used by an attacker to collect login data of contributors and then compromise the distribution?
Regards, Dieter
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, Jun 4, 2015 at 4:46 AM, dieter <d_werner@gmx.net> wrote:
Hi,
The login to bugzilla now forwards to https://login.microfocus.com FF warns that this page is not secure (missing identity data, partly not encrypted content, defect encryption).
"Mixed Content: The page at 'https://login.microfocus.com/nidp/app/login?id=26&sid=0&option=credential&sid=0' was loaded over HTTPS, but requested an insecure script 'http://www.novell.com/common/util/ipcheck/?v=1'. This request has been blocked; the content must be served over HTTPS."
Could this be used by an attacker to collect login data of contributors and then compromise the distribution?
Inlikely to occur. why would you bother trying to subvert this when there must be tons of other bugs easier to exploit ? ;-) -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
On Thu, 04 Jun 2015 09:46:52 +0200, dieter wrote:
Hi,
The login to bugzilla now forwards to https://login.microfocus.com FF warns that this page is not secure (missing identity data, partly not encrypted content, defect encryption).
Could this be used by an attacker to collect login data of contributors and then compromise the distribution?
Micro Focus is the new owner of SUSE. login.microfocus.com is theirs - basically, a rebranded login page for the former Attachmate business units/companies. Jim -- Jim Henderson Please keep on-topic replies on the list so everyone benefits -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
participants (4)
-
Andrei Borzenkov
-
Cristian Rodríguez
-
dieter
-
Jim Henderson