lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Fri, 26 Jun 2009 10:35:05 -0300 From: Gabriel Menezes Nunes <gab.mnunes@...il.com> To: bugtraq@...urityfocus.com Subject: Gizmo SSL Certificate Vulnerability Gizmo SSL Certificate Vulnerability I. The Vulnerability Gizmo does not check SSL certificate before sending user credentials. An attacker is able to obtain username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in Gizmo for Linux 3.1.0.79. Other versions may also be affected. II. Disclosure Timeline 06/19/2009 - Vendor contact. 06/26/2009 - No answer. Public Disclosure. III. Vendor http://gizmo5.com/ IV. Credit Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>