SSL Certificate Validation Issue in Gnome Online Accounts by GNOME
CVE-2013-0240

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome Online Accounts
Vendor: CVE Published:; 2 April 2013

What is CVE-2013-0240?

The Gnome Online Accounts (GOA) versions 3.4.x, 3.6.x prior to 3.6.3, and 3.7.x prior to 3.7.5 exhibit a vulnerability due to improper SSL certificate validation. This flaw can be exploited by attackers to perform man-in-the-middle attacks, allowing them to intercept sensitive information, such as user credentials, while users create accounts with services like Windows Live and Facebook. The lack of adequate certificate verification exposes users to significant risks, emphasizing the importance of secure communication protocols.

References

https://git.gnome.org/browse/gnome-online-accounts/commit...

x_refsource_CONFIRM

http://secunia.com/advisories/51976

third-party-advisoryx_refsource_SECUNIA

https://git.gnome.org/browse/gnome-online-accounts/commit...

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 2, 2013
Vulnerability Reserved
Dec 6, 2012

JSON