TUCoPS :: HP Unsorted G :: bt-21231.htm

Gizmo SSL Certificate Vulnerability
Gizmo SSL Certificate Vulnerability
Gizmo SSL Certificate Vulnerability


Gizmo SSL Certificate Vulnerability

I. The Vulnerability

Gizmo does not check SSL certificate before sending user credentials.
An attacker is able to obtain username and password with a spoofed
certificate and no alert is generated to the user.
This vulnerability was found in Gizmo for Linux 3.1.0.79. Other
versions may also be affected.

II. Disclosure Timeline

06/19/2009 - Vendor contact.
06/26/2009 - No answer. Public Disclosure.

III. Vendor

http://gizmo5.com/ 

IV. Credit

Gabriel Menezes Nunes

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH