25 Apr
2016
25 Apr
'16
07:48
On 13/04/16 12:37, Andreas Schwab wrote:
Thomas Biege
writes: Well I assume that at least the credentials and the source code is transferred in plaintext and can be manipulated on the fly or captured.
The API always uses TLS, only certificate verification can be skipped.
So it needs an active man in the middle attack or just redirect traffic
via DHCP/DNS etc.
--
Viele Grüße / Best regards
Thomas
--
Thomas Biege