#13346: OpenWRT downloads susceptible to MITM attacks?
------------------------------+--------------------------------
Reporter: openwrt-devel@… | Owner:
Type: defect | Status: reopened
Priority: highest | Milestone:
Component: website | Version:
Resolution: | Keywords: MD5 SSL HTTPS MITM
------------------------------+--------------------------------
Comment (by anonymous):
Quick check:
openwrt.org seems to get updated from time to time. SSL3 is disabled -
thanks! RC4 is still enabled.
dev.openwrt.org - It has been vulnerable to the POODLE attack for a long time!
Signatures are old and insecure. No one seems to update the server. The
server is managed by the developer Mirko Vogt on his own domain
(dev.openwrt.nanl.de). It is a bit ironic that he updated the OpenSSL
version in OpenWrt in 04/2014: https://dev.openwrt.org/changeset/40423
Please put dev.openwrt.org on the main server, which seems to be managed
much better.
--
Ticket URL: <https://dev.openwrt.org/ticket/13346#comment:14>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets