phrasespot, posted October 25, 2012:

...We demonstrate that SSL certificate validation is completely broken in many security-critical applications and libraries. Vulnerable software includes ...PrestaShop...

Full paper

clayton29657, posted October 25, 2012:

wtf is this true?

vynx, posted October 25, 2012:

What PrestaShop version is affected?

phrasespot, posted October 25, 2012 (edited October 25, 2012 by phrasespot):

Hmm. Yea... no need to panic just yet. Just a bit of research which happens to mention PrestaShop as well as other industry leaders. Read the paper. Applying it in the real world is quite involved and requires a degree of competence not inherent in 98% of attackers. Man-in-the-middle attacks are in the domain of the top of the food chain.

Radu, posted March 7, 2013:

I also just read the paper; it just states that most gateway implementations turn off the SSL certificate checks when using curl. It's to avoid failing to connect to the gateway when a non-trusted SSL cert is installed on the server. In my opinion, nothing to worry about.
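
The pattern discussed in this thread, gateway code switching off curl's certificate checks, can be audited in a module's PHP source. The scanner below is an added example, not part of the thread, the paper or PrestaShop; `scan_php`, `classify` and the sample module are constructed for illustration.

```python
import re

# Matches both call styles: curl_setopt($ch, OPTION, value)
# and the curl_setopt_array form OPTION => value.
OPTION_RE = re.compile(
    r"\b(CURLOPT_SSL_VERIFY(?:PEER|HOST))\s*(?:,|=>)\s*([^,;)\s]+)")

def classify(option, raw):
    """Return a description of the weakness, or None if the literal is fine."""
    value = raw.strip("'\"").lower()
    if option == "CURLOPT_SSL_VERIFYPEER":
        if value in ("false", "0"):
            return "certificate chain validation disabled"
        return None
    # CURLOPT_SSL_VERIFYHOST: 2 is the value that requests hostname matching.
    if value in ("false", "0"):
        return "hostname check disabled"
    if value in ("true", "1"):
        return "set to 1/true: older libcurl does not match the hostname; use 2"
    return None  # 2, or a non-literal value that needs manual review

def scan_php(source):
    """Return (line number, option, problem) for each weak literal setting."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), 1):
        if line.lstrip().startswith(("//", "#", "*")):
            continue  # skip lines that are only a comment
        for option, raw in OPTION_RE.findall(line):
            problem = classify(option, raw)
            if problem:
                findings.append((lineno, option, problem))
    return findings

# Constructed sample, not taken from any real payment module.
SAMPLE_MODULE = """<?php
// hypothetical gateway client
$ch = curl_init($gateway_url);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, true);
$ok = curl_init($gateway_url);
curl_setopt_array($ok, array(
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
));
"""

if __name__ == "__main__":
    for lineno, option, problem in scan_php(SAMPLE_MODULE):
        print(f"line {lineno}: {option}: {problem}")
```

A gateway whose certificate does not validate is better handled by pointing `CURLOPT_CAINFO` at the correct CA bundle than by turning the checks off.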