sts.sd203.org has many security issues with its tls configuration

UNCONFIRMED
Unassigned

Status

Tech Evangelism
Desktop
UNCONFIRMED
3 months ago
2 months ago

People

(Reporter: devksingh4, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

3 months ago
Created attachment 8906339 [details]
screenshot of screen.

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:57.0) Gecko/20100101 Firefox/57.0
Build ID: 20170909100226

Steps to reproduce:

Navigate to http://canvaslaunch.naperville203.org:8000/canvaslaunch2.html

click on Students: Sign in with d203 account
signed in with my user name and password which i cannot disclose for obvious reasons. 


Actual results:

Single Sign On page loads
I enter username and password. 
Connection to sts.sd203.org was interrupted because the authenticity of the recieved data could not be verifies


Expected results:

login should succeed and bring to dashboard

NOTE: This site works on FF Beta, FF Stable, Chrome, Vivaldi, and Internet Explorer.

Updated

2 months ago
Component: Untriaged → Security: PSM
Product: Firefox → Core
Probably due to bug 1386754 - that server only supports RC4 and 3DES (and has a whole slew of other things wrong with it): https://www.ssllabs.com/ssltest/analyze.html?d=sts.sd203.org
Component: Security: PSM → Desktop
Product: Core → Tech Evangelism
Summary: authenticty of data recieved cannot be verified on school website → sts.sd203.org has many security issues with its tls configuration
Version: 57 Branch → unspecified
You need to log in before you can comment on or make changes to this bug.