** Description changed: + [Impact] + + The video scope uses http instead of https, allowing user queries to be + potentially intercepted. + + [Test Case] + + Use the video lens after the fix, check network traffic so that https is + used instead of http. + + [Regression Potential] + + Low, the servers answers identically to https/SSL requests. + + -- + What happened: SERVER = "http://videosearch.ubuntu.com/v0"; string in unity-scope-video-remote does not use SSL. What was expected: SERVER = "https://videosearch.ubuntu.com/v0"; was the actual string and SSL was configured on the videosearch.ubuntu.com server. - Without SSL this scope would allow users queries to be intercepted and have malicious results returned if MitM took place.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1071079 Title: unity-scope-video-remote server field should use "https" for privacy To manage notifications about this bug go to: https://bugs.launchpad.net/unity-scope-video-remote/+bug/1071079/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
