Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2013-0240

Date: March 28, 2013

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Language: C

Severity Score

Related Resources (13)

http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://nvd.nist.gov/vuln/detail/CVE-2013-0240
http://secunia.com/advisories/51976
http://secunia.com/advisories/52791
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
http://ubuntu.com/usn/usn-1779-1
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://people.canonical.com/~ubuntu-security/cve/CVE-2013-0240
https://www.mend.io/vulnerability-database/CVE-2013-0240

Severity Score

Weakness Type (CWE)

Cryptographic Issues

CWE-310

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): NONE
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): PARTIAL
Integrity (I): NONE
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us