resync mitm due to verifypeer=0 #15

Closed
StormTide opened this Issue Jan 3, 2014 · 2 comments

@StormTide

https://github.com/Yubico/yubikey-val/blob/master/ykval-synclib.php#L333

Verifypeer = 0 here disables any protections granted by TLS. The response data can be manipulated by a mitm attacker.

@fredrikt
Contributor
fredrikt commented Jan 5, 2014

Some discussion on Twitter about this: https://twitter.com/KevinSMcArthur/status/419225353832255488

@klali
Member
klali commented Jan 7, 2014

Thank you for noticing this, dropping that right away.

/klas

@klali klali added a commit that closed this issue Jan 7, 2014
@klali klali always verify ssl peer
fixes #15
2424d15
@klali klali closed this in 2424d15 Jan 7, 2014
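
The setting reported in this issue, next to a hardened PHP cURL request. This is an added example, not code from yubikey-val or from commit 2424d15; the function name, the URL and the optional CA bundle parameter are hypothetical.

```php
<?php
// Added example (not project code). fetch_sync_response() and the URL are hypothetical.

/**
 * Fetch a response over HTTPS with certificate checks enforced.
 * Returns the body on success; throws on any transport or TLS failure,
 * so a failed handshake can never be mistaken for a valid (empty) response.
 */
function fetch_sync_response(string $url, ?string $caBundle = null, int $timeout = 10): string
{
    if (parse_url($url, PHP_URL_SCHEME) !== 'https') {
        throw new InvalidArgumentException('refusing non-HTTPS URL');
    }

    $ch = curl_init($url);
    $opts = [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_TIMEOUT        => $timeout,
        // Weak setting reported in the issue: CURLOPT_SSL_VERIFYPEER => 0
        CURLOPT_SSL_VERIFYPEER => true,            // validate the chain against trusted CAs
        CURLOPT_SSL_VERIFYHOST => 2,               // certificate name must match the host
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTPS, // never fall back to plain HTTP
        CURLOPT_FOLLOWLOCATION => false,           // do not follow redirects to other hosts
    ];
    if ($caBundle !== null) {
        $opts[CURLOPT_CAINFO] = $caBundle;         // restrict trust to one CA bundle
    }
    curl_setopt_array($ch, $opts);

    $body = curl_exec($ch);
    if ($body === false) {
        // Certificate and hostname failures surface here as cURL errors.
        throw new RuntimeException(
            sprintf('request failed (%d): %s', curl_errno($ch), curl_error($ch))
        );
    }
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    if ($status !== 200) {
        throw new RuntimeException("unexpected HTTP status $status");
    }
    return $body;
}

// Constructed usage: the .invalid host never resolves, so this exercises the error path.
try {
    echo fetch_sync_response('https://sync.example.invalid/');
} catch (Exception $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```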