Vulnerability CVE-2013-0240


Published: 2013-04-01   Modified: 2013-04-02

Description:
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5 does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Type: CWE-310 (Cryptographic Issues)

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10

Exploit range: Remote
Attack complexity: Medium
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Affected software
Ubuntu -> Ubuntu 
Gnome -> Gnome online accounts 

 References:
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://bugzilla.gnome.org/show_bug.cgi?id=693214
http://ubuntu.com/usn/usn-1779-1
http://secunia.com/advisories/52791
http://secunia.com/advisories/51976
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html

Copyright 2024, cxsecurity.com
