CVE-2013-1799

Currently unrated

Key Information:

Vendor: Gnome
Status: Gnome Online Accounts
Vendor: CVE Published:; 2 April 2013

Summary

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

References

https://mail.gnome.org/archives/gnome-announce-list/2013-...

mailing-listx_refsource_MLIST

https://git.gnome.org/browse/gnome-online-accounts/commit...

x_refsource_CONFIRM

http://secunia.com/advisories/51976

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Apr 2, 2013
Vulnerability Reserved
Feb 19, 2013