Red Hat Bugzilla – Bug 1296263
Security issue in Nuvola Player 2 - no SSL certificate verification
Last modified: 2016-09-21 14:51:48 EDT
WebKitGTK+ library, used by Nuvola Player 2, comes with a disabled validation of SSL certificates by default. Since Nuvola Player 2 doesn't explicitly turn certificate verification on, it is vulnerable to Man in the middle attack, which may result in a theft of passwords to streaming services or linked third-party accounts (e.g. Facebook if the "Login with Facebook" feature has been used). Nuvola Player team recommends upgrading to Nuvola Player 3, which is not affected by this issue.
Affected versions: All Nuvola Player 2 releases
Fixed in: Nuvola Player 3