Opened 8 months ago
Last modified 8 months ago
#30343 new defect
TBB Gives HTTPS Green Lock for misconfigured SSL/TLS
| Reported by: | bo0od | Owned by: | tbb-team |
|---|---|---|---|
| Priority: | High | Milestone: | |
| Component: | Applications/Tor Browser | Version: | |
| Severity: | Major | Keywords: | |
| Cc: | | Actual Points: | |
| Parent ID: | | Points: | |
| Reviewer: | | Sponsor: | |
Description
I have just reported a flaw with passing a misconfigured SSL/TLS certificate which is allowing MITM. I reported that against https-everywhere, but they answered that https-everywhere doesn't access SSL info. So maybe it is a browser-level issue?
Otherwise, really, what is the use of the green lock and the https-everywhere plugin if a website pretends to have an SSL/TLS connection while in fact it's just a fake one and MITM is possible through it?
SSL test:
https://www.ssllabs.com/ssltest/analyze.html?d=zu.ac.ae
HTTPS-Everywhere Github Ticket:
https://github.com/EFForg/https-everywhere/issues/17851#event-2309447045
Change History (2)
comment:1 Changed 8 months ago by
| Parent ID: | #30335 |
|---|---|
Sounds like an upstream issue. Could you file a bug at Mozilla's bugzilla as I assume Firefox is affected here as well? (Please add the ticket number here for reference)