Insecure Default Configuration in electron-packager Allows Man-in-the-Middle Attack

Insecure Default Configuration in electron-packager Allows Man-in-the-Middle Attack

CVE-2016-10534 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

electron-packager is a command line tool that packages Electron source code into `.app` and `.exe` packages. along with Electron. The `--strict-ssl` command line option in electron-packager >= 5.2.1 <= 6.0.0 || >=6.0.0 <= 6.0.2 defaults to false if not explicitly set to true. This could allow an attacker to perform a man in the middle attack.

Learn more about our Web Application Penetration Testing UK.