CVE-2012-1177

Name of the Vulnerable Software and Affected Versions libgdata versions prior to 0.10.2 libgdata versions 0.11.x prior to 0.11.1 libgdata version 0.8.1-r2 and earlier

Description The issue allows remote attackers to obtain user names and passwords via a man-in-the-middle (MITM) attack with a spoofed certificate, as libgdata does not validate SSL certificates. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation of this issue can be carried out remotely.

Recommendations For libgdata versions prior to 0.10.2, update to version 0.10.2 or later. For libgdata versions 0.11.x prior to 0.11.1, update to version 0.11.1 or later. For libgdata version 0.8.1-r2 and earlier, update to a version later than 0.8.1-r2. As a temporary workaround, consider disabling the use of SSL connections until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.