Computer Security

Security Advisory: Gizmo SSL Certificate Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Multiple MSN messengers SSL certificates vulnerabilities

  aMSN SSL Certificate Vulnerability

  Trillian SSL Certificate Vulnerability

From:Gabriel Menezes Nunes <gab.mnunes_(at)_gmail.com>
Date:27.06.2009
Subject:Gizmo SSL Certificate Vulnerability

Gizmo SSL Certificate Vulnerability

I. The Vulnerability

Gizmo does not check SSL certificate before sending user credentials.
An attacker is able to obtain username and password with a spoofed
certificate and no alert is generated to the user.
This vulnerability was found in Gizmo for Linux 3.1.0.79. Other
versions may also be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor

http://gizmo5.com/

IV. Credit

Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru