Softaculous

Topic : Softaculous and Webuzo don't force HTTPS to prevent NSA and (other) MITM interceptions


Posted By: portatexas on July 18, 2014, 8:22 am
Softaculous and Webuzo don't force HTTPS to prevent NSA and (other) MITM interceptions. This is a security related bug. HTTPS should be the default in order to prevent agencies such as the NSA, the chinese government or any type of hacker to intercept the login credentials and own the entire server through Softaculous software.

Posted By: portatexas on July 18, 2014, 8:31 am | Post: 1
To make this work, there should be an easy way to see the difference between the real SSL certificate and a forged one as well.

Posted By: Brijesh on July 22, 2014, 1:43 pm | Post: 2
Hi,

Sorry for the delay.

We have made the required changes so that the login is processed via SSL. We will be updating the site within a day or two.

-----------------------
Webuzo - Multi User Hosting Control Panel
AMPPS - Best WordPress/PHP/MySQL development tool

Posted By: Brijesh on July 25, 2014, 2:07 pm | Post: 3
Hi,

We have made the required changes and all the logins will now be processed with SSL.

-----------------------
Webuzo - Multi User Hosting Control Panel
AMPPS - Best WordPress/PHP/MySQL development tool

Powered By AEF 1.0.8 © 2007-2008 Electron Inc.