1. Home
  2. CVE Database
  3. CVE-2013-0240
MEDIUM · 4.3

CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allo...

Vulnerability Description

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GnomeGnome Online Accounts3.4.0
CanonicalUbuntu Linux11.10

Related Weaknesses (CWE)

CWE-310

References

FAQ

What is CVE-2013-0240?

CVE-2013-0240 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allo...

How severe is CVE-2013-0240?

CVE-2013-0240 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-0240?

Check the references section above for vendor advisories and patch information. Affected products include: Gnome Gnome Online Accounts, Canonical Ubuntu Linux.