|
|
|
|
|
|
by sdefresne
600 days ago
|
|
|
Those are minor if certificates errors are not ignored. Since the original issue is that the ssl errors are ignored, then all those https downloads are downgraded to http downloads in practice (no need to mitm to attack). Or to say it another way, due to ignoring ssl errors, all those https urls were giving a wrong sense of security as reviewers would think them secure when they were not (due to lack of validation of ssl). |
|
|