QwikSec

Security Database

CVE

CWE

Training

CVE-2013-0240

Published: Mar 28, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f

x_refsource_CONFIRM

[gnome-announce-list] 20130304 GNOME Online Accounts 3.6.3 released

mailing-list

x_refsource_MLIST

vendor-advisory

x_refsource_UBUNTU

https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.gnome.org/show_bug.cgi?id=693214

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=894352

x_refsource_MISC

openSUSE-SU-2013:0301

vendor-advisory

x_refsource_SUSE

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.