CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
78.5%
The Single Sign On Client (ubuntu-sso-client) for Ubuntu 11.04 and 11.10
does not properly validate SSL certificates when using HTTPS, which allows
remote attackers to spoof a server and modify or read sensitive data via a
man-in-the-middle (MITM) attack.
Author | Note |
---|---|
mdeslaur | code is different in precise+, looks ok |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.04 | noarch | ubuntu-sso-client | < 1.2.1-0ubuntu2.1 | UNKNOWN |
ubuntu | 11.10 | noarch | ubuntu-sso-client | < 1.4.1-0ubuntu1.1 | UNKNOWN |