#13346: OpenWRT downloads susceptible to MITM attacks?
------------------------------+--------------------------------
Reporter: openwrt-devel@… | Owner:
Type: defect | Status: reopened
Priority: highest | Milestone:
Component: website | Version:
Resolution: | Keywords: MD5 SSL HTTPS MITM
------------------------------+--------------------------------
Comment (by anonymous):
It is not possible for a user to listen to every CCC-talk and hope, that
there are some informations about any software the user is thinking about
to use. What kind of usability should this be? Maybe the user also just
dont understand the english language. Luci is translated into many
languages and uses the language that is been set in the user-agent of the
browser.
It is also understandable, that the best way is to compile the own images.
This is not neccecery for normal user who just want to add in 10minutes
(from never used to working on his router) additional functionality and
security.
The main reason is: kaloz told it is fixed. And thats wrong! MITM is still
possible. Also SHA is not been used like told in first post.
So please fix this bugreport. The homepages have security issues, MD5 is
been used where it should not be used any more, RC4 is turned on on some
servers, and so on.
--
Ticket URL: <https://dev.openwrt.org/ticket/13346#comment:12>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
