Lucene search

K

RedhatCVELIST:CVE-2013-0240

HistoryMar 28, 2013 - 5:00 p.m.

CVE-2013-0240

2013-03-2817:00:00

redhat

www.cve.org

2

AI Score

5.6

Confidence

Low

EPSS

0.002

Percentile

55.6%

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

References

lists.opensuse.org/opensuse-updates/2013-02/msg00046.html

secunia.com/advisories/51976

secunia.com/advisories/52791

ubuntu.com/usn/usn-1779-1

bugzilla.gnome.org/show_bug.cgi?id=693214

bugzilla.redhat.com/show_bug.cgi?id=894352

git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1

git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f

git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e

mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html

AI Score

5.6

Confidence

Low

EPSS

0.002

Percentile

55.6%

Related for CVELIST:CVE-2013-0240

prion2 nessus3 openvas4 fedora1 nvd2 cve2 debiancve2 ubuntucve2 securityvulns2 cvelist1 ubuntu1