Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-0240 at MITRE


Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
CVSS v2 Scores
  National Vulnerability Database
Base Score 4.30
Vector AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

SUSE information

SUSE Bugzilla entries: 802409 [RESOLVED / FIXED], 808534 [RESOLVED / INVALID]

SUSE Security Advisories: