Ticket #15388 (new defect)
Please enable HTTPS for downloads
Reported by: | jared | Owned by: | |
---|---|---|---|
Component: | other | Version: | VirtualBox 5.0.20 |
Keywords: | security | Cc: | |
Guest type: | other | Host type: | other |
Description
I submitted this security vulnerability to secalert_us@… but they feel it is mitigated by the existing practice of securely publishing checksums, and asked me to publish the vulnerability here.
As most users will not go through the trouble of manually verifying a checksum, please enable HTTPS for downloads.
This was suggested almost two years ago in https://www.virtualbox.org/ticket/13318 but this vulnerability still exists.
Change History
Note: See
TracTickets for help on using
tickets.
Oh, and thanks for all the great work that goes into VirtualBox, it's a great project!