Insecure installation of BILLmanager, susceptible to MITM attacks and SSL misconfiguration for CDN
Solved
Hello,
The BILLmanager installation documentation page https://docs.ispsystem.com/billmanager/installation-and-updates/installation-process for EN and https://docs.ispsystem.ru/billmanager/ustanovka-i-obnovlenie/protsess-ustanovki for RU provides an insecure link to download the installation script via http (without SSL, check the 1st screenshot), which allows MITM attacks to be performed.
And if we try to "cheat" and substitute "S" into the URL (2nd screenshot), we can see that you are trying to use a certificate from the domain "download.ispsystem.com", which tells us that there is no SSL certificate here.
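A check for the problem reported above, as an added example that is not part of the original post and not ISPsystem's code: it scans documentation text for installer scripts that are fetched over plain HTTP and then executed. The function name, the sample text, the hosts and the file names are constructed placeholders.

```python
import shlex
from urllib.parse import urlparse

SHELLS = {"sh", "bash", "zsh"}
# Option that names the output file, per download tool.
OUT_FLAGS = {"wget": ("-O", "--output-document"), "curl": ("-o", "--output")}

# Constructed sample of documentation text; hosts and file names are placeholders.
SAMPLE_DOC = """\
Run the following commands as root:
wget http://download.example.invalid/install.sh
sh install.sh --release stable
curl -fsSL https://download.example.invalid/other.sh -o other.sh
bash other.sh
curl -s http://mirror.example.invalid/setup.sh | sh
"""

def _split(part):
    try:
        return shlex.split(part)
    except ValueError:  # prose line with unbalanced quotes
        return []

def find_insecure_installs(doc):
    """Return (line_no, url, how) for each plain-HTTP download that gets executed."""
    pending, findings = {}, []  # pending: local file name -> (line_no, url)
    for no, line in enumerate(doc.splitlines(), 1):
        stages = [_split(p) for p in line.split("|")]
        for i, argv in enumerate(stages):
            cmd = argv[0].rsplit("/", 1)[-1] if argv else ""
            if cmd in OUT_FLAGS:
                urls = [a for a in argv[1:] if a.lower().startswith("http://")]
                if not urls:
                    continue  # nothing fetched over plain HTTP on this stage
                nxt = stages[i + 1] if i + 1 < len(stages) else []
                if nxt and nxt[0].rsplit("/", 1)[-1] in SHELLS:
                    findings.append((no, urls[0], "piped to shell"))
                    continue
                out = [argv[j + 1] for j, a in enumerate(argv[:-1]) if a in OUT_FLAGS[cmd]]
                name = out[-1] if out else urlparse(urls[0]).path.rsplit("/", 1)[-1]
                if name:
                    pending[name] = (no, urls[0])
            elif cmd in SHELLS:
                script = next((a for a in argv[1:] if not a.startswith("-")), "")
                if script.removeprefix("./") in pending:
                    src, url = pending[script.removeprefix("./")]
                    findings.append((no, url, f"fetched on line {src}, then executed"))
    return findings

if __name__ == "__main__":
    for finding in find_insecure_installs(SAMPLE_DOC):
        print(finding)
```

Switching the documented URL to HTTPS only clears the finding if the download host serves a certificate valid for its own name, which is the second issue the post raises.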
Good afternoon!
We have created a ticket in your personal account; you can see it in the "technical support" section.