CVE-2014-1423

Published: May 7, 2020Modified: Nov 21, 2024

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the signon-apparmor-extension. An attacker could use this create a malicious click app that collects oauth tokens for other applications, exposing sensitive information.

Affected (2)

Products: Signond Project: Signond · Ubports: Ubuntu Touch

Signond Project

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Signond Project Signond	Before 8.57\+15.04.20141127.1-0ubuntu1

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Ubports Ubuntu Touch	All versions

Related CWEs

Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References (6)

http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644

Source: security@ubuntu.com

Third Party Advisory

http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645

Source: security@ubuntu.com

Third Party Advisory

https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380

Source: security@ubuntu.com

Third Party Advisory

http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/644

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://bazaar.launchpad.net/~online-accounts/signon/upstream/revision/645

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugs.launchpad.net/ubuntu/+source/signon/+bug/1392380

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.