APT vulnerable to man-in-the-middle attacks since 2010 (opens in new tab)

(slashdot.org)

3 pointsgPphX11y ago1 comments

1 comments

This is sort of overblown. The vulnerability is in libcurl, not apt. It only applies to people (and CAs) who are dumb enough to issue certs where there is a wildcarded IP in the CN. I've never seen this in the wild, not that it couldn't happen.

j / k navigate · click thread line to collapse

APT vulnerable to man-in-the-middle attacks since 2010 (opens in new tab)

(slashdot.org)

3 pointsgPphX11y ago1 comments

1 comments

huslage11y ago

This is sort of overblown. The vulnerability is in libcurl, not apt. It only applies to people (and CAs) who are dumb enough to issue certs where there is a wildcarded IP in the CN. I've never seen this in the wild, not that it couldn't happen.

j / k navigate · click thread line to collapse