CVE-2013-1799

https://notcve.org/view.php?id=CVE-2013-1799

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240. Gnome Online Accounts (GOA) 3.6.x anterior a 3.6.3 y 3.7.x anterior a 3.7.91, no valida adecuadamente los certificados SSL cuando crear cuentas para proveedores que utilizan la biblioteca libsoup, lo que permite a atacantes "man-in-the-middle", obtener información sensible como credenciales mediante la captura de tráfico de red. NOTA: este problema existe ya que no se corrigió correctamente la vulnerabilidad CVE-2013-0240. • http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html http://secunia.com/advisories/51976 http://secunia.com/advisories/52791 http://ubuntu.com/usn/usn-1779-1 https://bugzilla.gnome.org/show_bug.cgi?id=693214 https://bugzilla.gnome.org/show_bug.cgi?id=695106 https://git.gnome.org/browse/gnome-online-accounts/commit/?id=9cf4bc0ced2c53bcdd36922caa65afc8a167bbd8 https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html https://mail.gnome.org/archives/gnome-a • CWE-310: Cryptographic Issues •