CVE-2013-0240

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome Online Accounts
Vendor: CVE Published:; 2 April 2013

Summary

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

References

https://git.gnome.org/browse/gnome-online-accounts/commit...

x_refsource_CONFIRM

http://secunia.com/advisories/51976

third-party-advisoryx_refsource_SECUNIA

https://git.gnome.org/browse/gnome-online-accounts/commit...

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 2, 2013
Vulnerability Reserved
Dec 6, 2012