CVE-2013-0240 Information
Description
GNOME Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5 does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
Reference
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
http://secunia.com/advisories/52791
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html