2 results (0.022 seconds)

CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 0

CVE-2013-0240

https://notcve.org/view.php?id=CVE-2013-0240

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. Gnome Online Accounts (GOA) 3.4.x, 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crea cuentas para Windows Live o Facebook, lo que permite a atacantes "man-in-the-middle", obtener información sensible como credenciales mediante la captura de tráfico de red. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html http://secunia.com/advisories/51976 http://secunia.com/advisories/52791 http://ubuntu.com/usn/usn-1779-1 https://bugzilla.gnome.org/show_bug.cgi?id=693214 https://bugzilla.redhat.com/show_bug.cgi?id=894352 https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1 https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f https:/ • CWE-310: Cryptographic Issues •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2013-1799

https://notcve.org/view.php?id=CVE-2013-1799

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. Gnome Online Accounts (GOA) 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crear cuentas para proveedores que utilizan la biblioteca libsoup, lo que permite a atacantes "man-in-the-middle", obtener información sensible como credenciales mediante la captura de tráfico de red. NOTA: este problema existe ya que no se corrigió correctamente la vulnerabilidad CVE-2013-0240. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html http://secunia.com/advisories/51976 http://secunia.com/advisories/52791 http://ubuntu.com/usn/usn-1779-1 https://bugzilla.gnome.org/show_bug.cgi?id=693214 https://bugzilla.gnome.org/show_bug.cgi?id=695106 https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8 https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html https://mail.gnome.org/archives/gnome-a • CWE-310: Cryptographic Issues •