Lucene search

RedhatCVE-2013-0240

HistoryApr 02, 2013 - 3:22 a.m.

CVE-2013-0240

2013-04-0203:22:21

CWE-310

redhat

web.nvd.nist.gov

cve-2013-0240

gnome online accounts

ssl certificates

man-in-the-middle attack

network security

vulnerability

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

5.8

Confidence

Low

EPSS

0.002

Percentile

55.6%

JSON

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Affected configurations

Nvd

Node

gnomegnome_online_accountsMatch3.4.0

gnomegnome_online_accountsMatch3.4.1

Node

gnomegnome_online_accountsMatch3.6.0

gnomegnome_online_accountsMatch3.6.1

gnomegnome_online_accountsMatch3.6.2

Node

gnomegnome_online_accountsMatch3.7.1

gnomegnome_online_accountsMatch3.7.2

gnomegnome_online_accountsMatch3.7.3

gnomegnome_online_accountsMatch3.7.4

Node

canonicalubuntu_linuxMatch11.10

canonicalubuntu_linuxMatch12.04-lts

canonicalubuntu_linuxMatch12.10

VendorProductVersionCPE
gnomegnome_online_accounts3.4.0cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:*:*:*:*:*:*:*
gnomegnome_online_accounts3.4.1cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:*:*:*:*:*:*:*
gnomegnome_online_accounts3.6.0cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*
gnomegnome_online_accounts3.6.1cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*
gnomegnome_online_accounts3.6.2cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.1cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.2cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.3cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*
gnomegnome_online_accounts3.7.4cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*
canonicalubuntu_linux11.10cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnome	gnome_online_accounts	3.4.0	cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:::::::*
gnome	gnome_online_accounts	3.4.1	cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:::::::*
gnome	gnome_online_accounts	3.6.0	cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:::::::*
gnome	gnome_online_accounts	3.6.1	cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:::::::*
gnome	gnome_online_accounts	3.6.2	cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:::::::*
gnome	gnome_online_accounts	3.7.1	cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:::::::*
gnome	gnome_online_accounts	3.7.2	cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:::::::*
gnome	gnome_online_accounts	3.7.3	cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:::::::*
gnome	gnome_online_accounts	3.7.4	cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:::::::*
canonical	ubuntu_linux	11.10	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*