CVE-2013-0240 | Vulnerability Database | Aqua Security

Gnome Online Accounts (GOA) 3.4.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.5, does not properly validate SSL certificates when creating accounts such as Windows Live and Facebook accounts, which allows man-in-the-middle attackers to obtain sensitive information such as credentials by sniffing the network.

Affected Software

Name	Vendor	Start Version	End Version
Gnome_online_accounts	Gnome	3.4.0 (including)	3.4.0 (including)
Gnome_online_accounts	Gnome	3.4.1 (including)	3.4.1 (including)
Gnome-online-accounts	Ubuntu	devel	*
Gnome-online-accounts	Ubuntu	oneiric	*
Gnome-online-accounts	Ubuntu	precise	*
Gnome-online-accounts	Ubuntu	quantal	*
Gnome-online-accounts	Ubuntu	upstream	*

References

http://lists.opensuse.org/opensuse-updates/2013-02/msg00046.html
http://secunia.com/advisories/51976
http://secunia.com/advisories/52791
http://ubuntu.com/usn/usn-1779-1
https://bugzilla.gnome.org/show_bug.cgi?id=693214
https://bugzilla.redhat.com/show_bug.cgi?id=894352
https://git.gnome.org/browse/gnome-online-accounts/commit/?h=gnome-3-6\u0026id=ecad8142e9ac519b9fc74b96dcb5531052bbffe1
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=bc10fdb68f75f8be84eb698ada08743b9c7c248f
https://git.gnome.org/browse/gnome-online-accounts/commit/?id=edde7c63326242a60a075341d3fea0be0bc4d80e
https://mail.gnome.org/archives/gnome-announce-list/2013-March/msg00007.html

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-0240
CWE	https://cwe.mitre.org/data/definitions/310.html