CVE-2013-0240

Severity

43%

Complexity

86%

Confidentiality

48%

Per http://www.ubuntu.com/usn/usn-1779-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Per http://www.ubuntu.com/usn/usn-1779-1/ "A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.10 Ubuntu 12.04 LTS Ubuntu 11.10"

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:P/I:N/A:N).

Overview

First reported 11 years ago

2013-04-02 03:22:00

Last updated 11 years ago

2013-04-02 04:00:00

Affected Software

Gnome Online Accounts (GOA) 3.4.1

3.4.1

Gnome Online Accounts (GOA) 3.6.0

3.6.0

Gnome Online Accounts (GOA) 3.6.1

3.6.1

Gnome Online Accounts (GOA) 3.6.2

3.6.2

Gnome Online Accounts (GOA) 3.7.1

3.7.1

Gnome Online Accounts (GOA) 3.7.2

3.7.2

Gnome Online Accounts (GOA) 3.7.3

3.7.3

Gnome Online Accounts (GOA) 3.7.4

3.7.4

Canonical Ubuntu Linux 11.10

11.10

Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)

12.04

Canonical Ubuntu Linux 12.10

12.10

References

openSUSE-SU-2013:0301

51976

Vendor Advisory

52791