NACK. This is unacceptable for anything that uses encryption:
libfreerdp/crypto_openssl.c:

    RD_BOOL
    crypto_cert_verify(CryptoCert server_cert, CryptoCert cacert)
    {
        /* FIXME: do the actual verification */
        return True;
    }

I didn't look any further than this; it implies a grievous lack of
attention to security.
** Changed in: freerdp (Ubuntu)
Status: Confirmed => Incomplete
** Changed in: freerdp (Ubuntu)
Assignee: Ubuntu Security Team (ubuntu-security) => (unassigned)
--
https://bugs.launchpad.net/bugs/673925
Title:
[MIR] freerdp