CVE-2011-4408

Severity

68%

Complexity

86%

Confidentiality

106%

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10 does not properly validate SSL certificates when using HTTPS, which allows remote attackers to spoof a server and modify or read sensitive data via a man-in-the-middle (MITM) attack.

CVSS 2.0 Base Score 6.8. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P).

Overview

Type

Canonical Ubuntu Linux

First reported 12 years ago

2012-06-16 00:55:00

Last updated 7 years ago

2017-08-29 01:30:00

Affected Software

Canonical Ubuntu Linux 11.04

11.04

Canonical Ubuntu Linux 11.10

11.10

References

82747

49448

Vendor Advisory

53829

USN-1464-1

Patch, Vendor Advisory

ubuntussoclient-ssl-info-disc(76112)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.