iTunes Connect page contains insecure (http) resources

Originator: jbrayton
Number: rdar://12945581
Date Originated:
Status:
Resolved:
Product: App Store
Product Version: N/A
Classification: Security
Reproducible: Always
 
Summary:

The "Manage Your Apps" page contains application icons that are retrieved via HTTP, instead of HTTPS.  This introduces two problems:

1.  The browser URL bar does not show that the page is being served securely.
2.  A man-in-the-middle attacker could substitute those image files with other files.

Steps to Reproduce:

1.  Log into an iTunes Connect account with at least one app.
2.  After logging in, click on the "Manage Your Applications" link.

Expected Results:

I would expect the URL bar to indicate that the page is being served securely.

Actual Results:

The URL bar indicates that the page is not served securely.

Regression:

N/A

Notes:

N/A
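
An added example, not part of the original report and not Apple's code: a small audit that lists the subresources an HTTPS page would fetch over plain HTTP, which is the condition this report describes for the app icons. The page URL, host names and sample HTML are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag -> (attribute that triggers a fetch, mixed-content class).
# Images and media are "passive"; scripts, frames and plugins are "active".
FETCHING = {
    "img": ("src", "passive"), "audio": ("src", "passive"),
    "video": ("src", "passive"), "source": ("src", "passive"),
    "script": ("src", "active"), "iframe": ("src", "active"),
    "embed": ("src", "active"), "object": ("data", "active"),
}

class MixedContentAuditor(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url, self.findings = page_url, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link":
            # Only stylesheet and icon links are fetched as subresources.
            rel = (a.get("rel") or "").lower().split()
            if "stylesheet" not in rel and "icon" not in rel:
                return
            attr, kind = "href", "active" if "stylesheet" in rel else "passive"
        elif tag in FETCHING:
            attr, kind = FETCHING[tag]
        else:
            return  # e.g. <a href>: a navigation, not a subresource
        raw = a.get(attr)
        if raw:
            # Resolve relative and protocol-relative URLs against the page.
            resolved = urljoin(self.page_url, raw.strip())
            if urlsplit(resolved).scheme == "http":
                self.findings.append((kind, tag, resolved))

def audit(page_url, html):
    """Return (class, tag, url) for each HTTP subresource of an HTTPS page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only applies to pages served over HTTPS
    parser = MixedContentAuditor(page_url)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page: one icon over HTTP, the rest secure or not fetched.
SAMPLE = """<html><head><link rel="stylesheet" href="/css/site.css">
<link rel="canonical" href="http://example.com/apps"></head><body>
<img src="http://images.example.com/icon1.png">
<img src="//images.example.com/icon2.png">
<a href="http://example.com/help">Help</a></body></html>"""
```

Calling `audit("https://connect.example.com/apps", SAMPLE)` reports only the first icon; the protocol-relative icon inherits HTTPS from the page and is not flagged.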
