Checksums of downloaded files are not verified #58

Open
gsauthof opened this Issue Feb 24, 2016 · 0 comments

gsauthof commented Feb 24, 2016

UNetbootin doesn't verify any checksums of the downloaded image files.

Those files are downloaded via HTTP, thus, you can't even rely on a secure connection to the server.

Not verifying checksums is a big invitation for Man-In-The-Middle attacks.

Example download:

http://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img

Possible resolution: Include a list of checksums that includes an entry for each image that is downloadable via unetbootin.
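
One way to implement the resolution proposed above, as an added example that is not part of the original issue and not UNetbootin's own code: the download is hashed while it streams into a temporary file and is only moved into place if its SHA-256 matches a digest shipped with the application. The table `PINNED_SHA256`, the function `save_verified` and the sample bytes are assumptions constructed for illustration, and the digest is derived from those constructed bytes rather than from the real `fdboot.img`.

```python
import hashlib
import hmac
import io
import os
import tempfile

URL = "http://www.ibiblio.org/pub/micro/pc-stuff/freedos/files/distributions/1.0/fdboot.img"

# Constructed stand-in for the genuine image; NOT the real fdboot.img contents.
GENUINE = b"constructed sample image bytes" * 1024

# Digest list shipped inside the application (assumption). A real list would
# hold literal hex digests recorded at release time; it is derived here only
# so that the example runs offline.
PINNED_SHA256 = {URL: hashlib.sha256(GENUINE).hexdigest()}


class ChecksumError(Exception):
    """Raised when a download has no pinned digest or does not match it."""


def save_verified(url, stream, dest_dir, chunk_size=64 * 1024):
    """Write stream to dest_dir only if its SHA-256 matches the pinned digest."""
    expected = PINNED_SHA256.get(url)
    if expected is None:
        # Fail closed: an image without an entry is never written to disk.
        raise ChecksumError("no pinned checksum for " + url)
    digest = hashlib.sha256()
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, suffix=".part")
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in iter(lambda: stream.read(chunk_size), b""):
                digest.update(chunk)
                tmp.write(chunk)
        if not hmac.compare_digest(digest.hexdigest(), expected):
            raise ChecksumError("checksum mismatch for " + url)
        final_path = os.path.join(dest_dir, os.path.basename(url))
        os.replace(tmp_path, final_path)  # publish only after verification
        return final_path
    finally:
        if os.path.exists(tmp_path):
            os.remove(tmp_path)  # discard partial or rejected downloads


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        print(save_verified(URL, io.BytesIO(GENUINE), d))
```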
