CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
55.6%
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
Vendor | Product | Version | CPE |
---|---|---|---|
gnome | gnome_online_accounts | 3.4.0 | cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.4.1 | cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.6.0 | cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.6.1 | cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.6.2 | cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.7.1 | cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.7.2 | cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.7.3 | cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:* |
gnome | gnome_online_accounts | 3.7.4 | cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:* |
canonical | ubuntu_linux | 11.10 | cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:* |
lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
secunia.com/advisories/51976
secunia.com/advisories/52791
ubuntu.com/usn/usn-1779-1
bugzilla.gnome.org/show_bug.cgi?id=693214
bugzilla.redhat.com/show_bug.cgi?id=894352
git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html