[
https://issues.apache.org/jira/browse/CB-9014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14542530#comment-14542530
]
Shazron Abdullah commented on CB-9014:
--------------------------------------
If this is a security issue, reports should be sent to
secur...@cordova.apache.org instead, with steps to ensure a reproduction, and
for evaluation. This should never be reported in a public issue tracker.
See: https://www.apache.org/security/committers.html
I'll leave this up until tonight until you can get to it (you should get an
email anyway) -- we can correspond privately at shazron (at) apache (dot) org
for next steps if you have more questions.
> Man In The Middle Attack - SSL Connection - Jquery - Burp Suite
> ---------------------------------------------------------------
>
> Key: CB-9014
> URL: https://issues.apache.org/jira/browse/CB-9014
> Project: Apache Cordova
> Issue Type: Bug
> Components: CordovaLib, iOS
> Affects Versions: 3.8.0, 5.0.0
> Environment: iPhone5s - iOS 8.3 / iPad4 iOS8.3
> Reporter: Niek Heezemans
> Labels: security
> Fix For: 3.8.0, 5.0.0
>
>
> I manually added a Proxy (Burp Suite) to my Wifi Connection and let my App
> connect to a server with a valid SSL certificate threw a jQuery Ajax call.
> Burp generates its own CA certificate (Self Signed) but this is not detected
> by Cordova.
> I can read all the Requests and Responses to and from my secure server within
> Burp.
> This happens on both Debug as well as on the Enterprise Signed IPA.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org
For additional commands, e-mail: issues-h...@cordova.apache.org
