No indication of whether credit card page is using an encrypted HTTPS connection
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| software-center (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: software-center
When I purchase the test wallpaper, the (presumably web-based) purchase interface is shown in a standard window, without any browser indicators. So there is no way to know if the connection to the payment server is secure, which is a serious concern when I have to enter my credit card details.
It makes me fear that someone spoofing the payment server could steal my credit card details (and my launchpad login details) unnoticed.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: software-center 3.0.4
ProcVersionSign
Uname: Linux 2.6.35-22-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Thu Oct 7 18:12:58 2010
InstallationMedia: Ubuntu 10.04 "Lucid Lynx" - Release Candidate amd64 (20100419.1)
PackageArchitec
ProcEnviron:
PATH=(custom, user)
LANG=en_GB.utf8
SHELL=/bin/bash
SourcePackage: software-center
| Thomas Horsten (thomas-horsten) wrote | #1 |
| Thomas Horsten (thomas-horsten) wrote | #2 |
| Thomas Horsten (thomas-horsten) wrote | #3 |
| security vulnerability: | no → yes |
How can I mark this as a security issue? I missed the checkbox before hitting submit.