*** This bug is a duplicate of bug 1055649 ***
https://bugs.launchpad.net/bugs/1055649
** This bug has been marked a duplicate of bug 1055649
[FFE] Change from http to https and verify cert
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed
If we look at build_search_uri function in scope.vala, we see that the
scope actually looks the product search server URI from environment
variable OFFERS_URI first. If there's no OFFERS_URI environment variable
only then the OFFERS_BASE_URI is used.
So basically you just need to set the OFFERS_UR
Also, the string doesn't end with a slash as it should. It should be
.com/ with the slash at the end to make the domain fully-qualified to
prevent a domain from being suffixed, such as
ubuntu.com.evil.example.com
--
You received this bug notification because you are a member of Ubuntu
Bugs, which
So we need HTTPS with certificate validation.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1054677
Title:
Communicates with server in plaintext
To manage notifications about this bug go to:
https:
I'm not a security expert but I think this could also open the door to a
MITM phishing attack. A user could click a link (sent from a server
pretending to be productsearch.ubuntu.com) thinking they are buying from
amazon.com but instead the login information is being read by a
malicious third party
Status changed to 'Confirmed' because the bug affects multiple users.
** Changed in: unity-lens-shopping (Ubuntu)
Status: New => Confirmed
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1054677
