Incomplete SSL Certificate Validation in Gnome Online Accounts (GOA)

Incomplete SSL Certificate Validation in Gnome Online Accounts (GOA)

CVE-2013-1799 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

Gnome Online Accounts (GOA) 3.6.x before 3.6.3 and 3.7.x before 3.7.91, does not properly validate SSL certificates when creating accounts for providers who use the libsoup library, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network. NOTE: this issue exists because of an incomplete fix for CVE-2013-0240.

Learn more about our Network Penetration Testing.