1
Support and Feedback / Severe security vulnerabilities for Multi Commander
« on: May 25, 2020, 07:47:28 »
Hello
The Multi Commander is really a great tool. But unfortunately it's exposed severely for security vulnerabilities
1. Its web page uses still HTTP but not HTTPS. So no user has a chance to prove it by checking the certificate. Man-in-the-middle and many other attacks can not be detected.
2. The application is not digitally signed. A modification of the application by a malicious app cannot be detected.
Neither authentity nor authority can be proven.
Question: Are you really willing to jeopardise your great work by such silly security omissions?
That would be really a bummer.
So please fix that. https://letsencrypt.org/ offers certificates free of charge.
Thanks.
Kind regards,
Andreas
The Multi Commander is really a great tool. But unfortunately it's exposed severely for security vulnerabilities
1. Its web page uses still HTTP but not HTTPS. So no user has a chance to prove it by checking the certificate. Man-in-the-middle and many other attacks can not be detected.
2. The application is not digitally signed. A modification of the application by a malicious app cannot be detected.
Neither authentity nor authority can be proven.
Question: Are you really willing to jeopardise your great work by such silly security omissions?
That would be really a bummer.
So please fix that. https://letsencrypt.org/ offers certificates free of charge.
Thanks.
Kind regards,
Andreas