Vulnerability Description
signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying OAuth tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this to create a malicious click app that collects OAuth tokens for other applications, exposing sensitive information.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Signond Project | Signond | < 8.57+15.04.20141127.1-0ubuntu1 |
| Ubports | Ubuntu Touch | - |
Related Weaknesses (CWE)
References
- http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644 (Third Party Advisory)
- http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645 (Third Party Advisory)
- https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380 (Third Party Advisory)
FAQ
What is CVE-2014-1423?
CVE-2014-1423 is a vulnerability with a CVSS score of 5.9 (MEDIUM). signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying OAuth tokens due to incorrect checks and the missing installation of the sig...
How severe is CVE-2014-1423?
CVE-2014-1423 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2014-1423?
Check the references section above for vendor advisories and patch information. Affected products include: Signond Project Signond, Ubports Ubuntu Touch.