this python project is vulnerable to MITM as it fails to verify the ssl validity of the remote destination #2

@d1b

This Python project is vulnerable to MITM as it fails to verify the SSL validity of the remote destination.
urllib / urllib2, httplib.HTTPSConnection do not verify SSL at all by default.
From base.py:

```python
class ConnectionKey(object):
    """
    A Base Connection class to derive from.
    """
    conn_classes = (httplib.HTTPConnection, httplib.HTTPSConnection)

    # ....
    def connect(self, host=None, port=None):
        # .....
        connection = self.conn_classes[self.secure](host, port)
```

This request can be MITMed, leading to the compromise of a user's API key - where a secured https connection was requested, but can be MITM'ed.
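
A hardened form of the `connect()` pattern quoted in the issue, as an added example that is not part of the original issue or the project's code. It assumes Python 3's `http.client` (the successor to `httplib`); `verifying_context`, `unverified_context`, `is_verifying` and the constructor arguments are hypothetical names.

```python
# Added example, not the project's code. Helper and argument names are hypothetical.
import http.client
import ssl


def verifying_context(cafile=None):
    """Client context that validates the certificate chain and the hostname."""
    ctx = ssl.create_default_context(cafile=cafile)
    # create_default_context() already sets both; restating them documents
    # the requirement next to the code that depends on it.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def unverified_context():
    """The weak setting the issue describes: any certificate is accepted."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # must be cleared before CERT_NONE is allowed
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def is_verifying(ctx):
    """True only if both chain validation and hostname matching are on."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname


class ConnectionKey:
    """Same shape as the class in the issue, with verification enforced."""

    def __init__(self, key, secure=True, context=None):
        self.key = key
        self.secure = secure
        self.context = context if context is not None else verifying_context()
        if secure and not is_verifying(self.context):
            raise ValueError("refusing a TLS context that skips verification")

    def connect(self, host, port=None):
        # No socket is opened here; the handshake (and the certificate check)
        # happens on the first request() call.
        if self.secure:
            return http.client.HTTPSConnection(host, port, context=self.context)
        return http.client.HTTPConnection(host, port)
```

With this shape, a man-in-the-middle presenting an untrusted or mismatched certificate causes the first `request()` to raise `ssl.SSLCertVerificationError` before the API key is sent.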
