CVE-2013-0240

2013-04-0203:22:21

CWE-310

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.002

Percentile

55.6%

JSON

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Affected configurations

Nvd

Node

gnomegnome_online_accountsMatch3.4.0

gnomegnome_online_accountsMatch3.4.1

Node

gnomegnome_online_accountsMatch3.6.0

gnomegnome_online_accountsMatch3.6.1

gnomegnome_online_accountsMatch3.6.2

Node

gnomegnome_online_accountsMatch3.7.1

gnomegnome_online_accountsMatch3.7.2

gnomegnome_online_accountsMatch3.7.3

gnomegnome_online_accountsMatch3.7.4

Node

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

VendorProductVersionCPE
gnomegnome_online_accounts3.4.0cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:*:*:*:*:*:*:*
gnomegnome_online_accounts3.4.1cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:*:*:*:*:*:*:*
gnomegnome_online_accounts3.6.0cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*
gnomegnome_online_accounts3.6.1cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*
gnomegnome_online_accounts3.6.2cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.1cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.2cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.3cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.4cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	gnome_online_accounts	3.4.0	cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:::::::*
gnome	gnome_online_accounts	3.4.1	cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:::::::*
gnome	gnome_online_accounts	3.6.0	cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:::::::*
gnome	gnome_online_accounts	3.6.1	cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:::::::*
gnome	gnome_online_accounts	3.6.2	cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:::::::*
gnome	gnome_online_accounts	3.7.1	cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:::::::*
gnome	gnome_online_accounts	3.7.2	cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:::::::*
gnome	gnome_online_accounts	3.7.3	cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:::::::*
gnome	gnome_online_accounts	3.7.4	cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:::::::*
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*