QwikSec

Security Database

CVE

CWE

Training

CVE-2011-4129

Published: Oct 22, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

(1) services/twitter/twitter-contact-view.c and (2) services/twitter/twitter-item-view.c in libsocialweb before 0.25.20 automatically connect to Twitter when no Twitter account is set, which might allow remote attackers to obtain sensitive information via a man-in-the-middle (MITM) attack.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://bugzilla.redhat.com/show_bug.cgi?id=752022

x_refsource_MISC

http://git.gnome.org/browse/libsocialweb/commit/?id=0086bfbfc07345438123a87957e0bc12226e2b94

x_refsource_CONFIRM

http://git.gnome.org/browse/libsocialweb/commit/?id=8982cf504cf3767761fe85d9558beab3d9da5bec

x_refsource_CONFIRM

[oss-security] 20111109 Re: CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus

mailing-list

x_refsource_MLIST

[oss-security] 20111109 CVE Request -- libsocialweb -- Untrusted connection opened to Twitter social service without user's approval upon service start via dbus

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

CVE-2011-4129 - Security Vulnerability | QwikSec