-
-
Notifications
You must be signed in to change notification settings - Fork 250
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SSL configuration insecure exception #1145
Comments
I am wondering if this is really a security issue. |
The purpose of this change is to promote zero-trust environment inside Movim system |
Closing the issue as this is not actually something I'm planning, and willing, to change/fix |
According to the code presented in the file UtilsHelper.php, we can see if the host of the URL request is the same one as the PHP server host, the SSL verification, which by default is turned on, is disabled in this scenario.
This leaves this communication open to Man-in-the-middle attacks from inside the PHP Host.
The reccomendations is part of a privately disclosed report, with the id MOV - 001
The text was updated successfully, but these errors were encountered: