[
https://issues.apache.org/jira/browse/CB-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14542732#comment-14542732
]
Niek Heezemans commented on CB-9014:
------------------------------------
Shazron,
If neccessary please remove the issue and I'll send an Email with the steps for
reproduction. Thanks for the reply.
Met vriendelijke groet / Kind regards,
Niek Heezemans
Enterprise Mobility Consultant
Ringwade 1, 3439 LM Nieuwegein
Telefoon: +31(0)30 663 70 00<tel:+31(0)30%20663%2070%2000>
Mobiel: +31(0)61 076 12 19<tel:+31(0)61%20076%2012%2019>
[email protected]<mailto:[email protected]>
Clockwork wint Quli DIA award 2014 categorie Best Service
Ordina wint Computable Award voor beste ICT-Dienstverlener van 2014
On Wed, May 13, 2015 at 12:35 PM -0700, "Shazron Abdullah (JIRA)"
<[email protected]<mailto:[email protected]>> wrote:
[
https://issues.apache.org/jira/browse/CB-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14542530#comment-14542530
]
Shazron Abdullah commented on CB-9014:
--------------------------------------
If this is a security issue, reports should be sent to
[email protected] instead, with steps to ensure a reproduction, and
for evaluation. This should never be reported in a public issue tracker.
See: https://www.apache.org/security/committers.html
I'll leave this up until tonight until you can get to it (you should get an
email anyway) -- we can correspond privately at shazron (at) apache (dot) org
for next steps if you have more questions.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
> Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
> ---------------------------------------------------------------
>
> Key: CB-9014
> URL: https://issues.apache.org/jira/browse/CB-9014
> Project: Apache Cordova
> Issue Type: Bug
> Components: CordovaLib, iOS
> Affects Versions: 3.8.0, 5.0.0
> Environment: iPhone5s - iOS 8.3 / iPad4 iOS8.3
> Reporter: Niek Heezemans
> Labels: security
> Fix For: 3.8.0, 5.0.0
>
>
> I manually added a Proxy (Burp Suite) to my Wifi Connection and let my App
> connect to a server with a valid SSL certificate threw a jQuery Ajax call.
> Burp generates its own CA certificate (Self Signed) but this is not detected
> by Cordova.
> I can read all the Requests and Responses to and from my secure server within
> Burp.
> This happens on both Debug as well as on the Enterprise Signed IPA.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
