CVE-2013-0240
GNOME Online Accounts < 3.6.3/3.7.5 MiTM Credential Exposure via SSL Bypass
GNOME Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5 does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.
References (10)
Core References
Patch x_refsource_confirm
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51976
Patch x_refsource_confirm
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
Various Sources mailing-list
x_refsource_mlist
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-1779-1
Patch x_refsource_confirm
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6&id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/52791
Issue Tracking x_refsource_confirm
https://bugzilla.gnome.org/show_bug.cgi?id=693214
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=894352
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
Scores
EPSS: 0.0048
EPSS Percentile: 65.1%
Details
CWE: CWE-310
Status: published
Products (12)
canonical/ubuntu_linux 11.10
canonical/ubuntu_linux 12.04
canonical/ubuntu_linux 12.10
gnome/gnome_online_accounts 3.4.0
gnome/gnome_online_accounts 3.4.1
gnome/gnome_online_accounts 3.6.0
gnome/gnome_online_accounts 3.6.1
gnome/gnome_online_accounts 3.6.2
gnome/gnome_online_accounts 3.7.1
gnome/gnome_online_accounts 3.7.2
... and 2 more
Published: Apr 02, 2013
Tracked Since: Feb 18, 2026