FKIE_CVE-2013-0240

Vulnerability from fkie_nvd - Published: 2013-04-02 03:22 - Updated: 2025-04-11 00:51
Severity ?
Summary
Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
References
secalert@redhat.comhttp://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
secalert@redhat.comhttp://secunia.com/advisories/51976Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/52791Vendor Advisory
secalert@redhat.comhttp://ubuntu.com/usn/usn-1779-1
secalert@redhat.comhttps://bugzilla.gnome.org/show_bug.cgi?id=693214
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=894352
secalert@redhat.comhttps://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
secalert@redhat.comhttps://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
secalert@redhat.comhttps://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
secalert@redhat.comhttps://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/51976Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/52791Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-1779-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.gnome.org/show_bug.cgi?id=693214
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=894352
af854a3a-2127-422b-91ae-364da2661108https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
af854a3a-2127-422b-91ae-364da2661108https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
af854a3a-2127-422b-91ae-364da2661108https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
af854a3a-2127-422b-91ae-364da2661108https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
Impacted products
Vendor Product Version
gnome gnome_online_accounts 3.4.0
gnome gnome_online_accounts 3.4.1
gnome gnome_online_accounts 3.6.0
gnome gnome_online_accounts 3.6.1
gnome gnome_online_accounts 3.6.2
gnome gnome_online_accounts 3.7.1
gnome gnome_online_accounts 3.7.2
gnome gnome_online_accounts 3.7.3
gnome gnome_online_accounts 3.7.4
canonical ubuntu_linux 11.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 12.10
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0006B84-5631-451A-90C9-986C139A7D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CBAB9D-7438-445F-9089-1C5C92178EB8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5971CF55-885F-4CED-8491-65DBCE785B6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B74804B4-06B7-4EBA-878B-8B000CFAF436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "28FBF215-4BE8-445C-B90C-7AA26DF842E7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "293EDD49-EECF-41B7-A57D-D7DDF958B31D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D28A7DA8-54A0-45AB-845C-74163353DAC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3427636E-5B7E-447E-8B94-34C3930E0E05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnome:gnome_online_accounts:3.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2759201-0DBD-48A2-B8C1-7F145AADF747",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4174F4F-149E-41A6-BBCC-D01114C05F38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*",
              "matchCriteriaId": "F5D324C4-97C7-49D3-A809-9EAD4B690C69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2076871-2E80-4605-A470-A41C1A8EC7EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network."
    },
    {
      "lang": "es",
      "value": "Gnome Online Accounts (GOA) 3.4.x, 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crea cuentas para Windows Live o Facebook, lo que permite a atacantes \"man-in-the-middle\", obtener informaci\u00f3n sensible como credenciales mediante la captura de tr\u00e1fico de red."
    }
  ],
  "evaluatorImpact": "Per http://www.ubuntu.com/usn/usn-1779-1/\r\n\"A security issue affects these releases of Ubuntu and its derivatives:\r\n    Ubuntu 12.10\r\n    Ubuntu 12.04 LTS\r\n    Ubuntu 11.10\"",
  "id": "CVE-2013-0240",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-04-02T03:22:21.037",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51976"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52791"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://ubuntu.com/usn/usn-1779-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894352"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6\u0026id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/51976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/52791"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://ubuntu.com/usn/usn-1779-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.gnome.org/show_bug.cgi?id=693214"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=894352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6\u0026id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.