Messages

1

Support and Feedback / Re: Severe security vulnerabilities for Multi Commander

« on: June 04, 2020, 19:54:03 »

Almost all providers of web services with a login provides their web page with HTTPS - banks, shops etc. Even the login credentials for your forum are transmitted as clear text. So why do they invest in security which you argue as unneeded or too expensive?

I understand that security is not for free. I hope you'll find a valuable business model which allows you to provide a minimal security level to protect your product and your customers.

Kind regards,
Andreas

2

Support and Feedback / Severe security vulnerabilities for Multi Commander

« on: May 25, 2020, 07:47:28 »

Hello

The Multi Commander is really a great tool. But unfortunately it's exposed severely for security vulnerabilities
1. Its web page uses still HTTP but not HTTPS. So no user has a chance to prove it by checking the certificate. Man-in-the-middle and many other attacks can not be detected.
2. The application is not digitally signed. A modification of the application by a malicious app cannot be detected.
Neither authentity nor authority can be proven.

Question: Are you really willing to jeopardise your great work by such silly security omissions?
That would be really a bummer.

So please fix that. https://letsencrypt.org/ offers certificates free of charge.

Thanks.

Kind regards,
Andreas