Failure to check TLS certificate hostname
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Midori Web Browser |
New
|
Undecided
|
Unassigned |
Bug Description
I put this in my hosts file to simulate a network-layer man-in-the-middle attack (note that the IP address is that of facebook.com):
173.252.120.6 google.com
I then typed “https:/
alias a=b; echo Copy carefully #bout:version
Version numbers in brackets show the version used at runtime.
Command line /usr/bin/midori
Midori 0.5.9 ((null)) Midori
GTK+ 3.12.2 (3.12.2) Glib 2.40.2 (2.40.2)
WebKit2GTK+ 2.4.7 (2.4.8) libSoup 2.46.0
cairo 1.12.16 (1.12.16) libnotify 0.7.5
gcr 3.12.2 granite No
Platform X11; Linux x86_64
Identification Mozilla/5.0 (X11; Linux) AppleWebKit/537.32 (KHTML, like Gecko) Chrome/
Netscape Plugins:
Shockwave Flash Shockwave Flash 11.2 r202
Google Talk Plugin Video Renderer Version: 5.4.2.0
Google Talk Plugin Version: 5.4.2.0
Java(TM) Plug-in 10.76.2 Next Generation Java Plug-in 10.76.2 for Mozilla browsers
information type: | Private Security → Public |
information type: | Public → Public Security |