isync CVE-2013-0289 SSL Certificate Verification Information Disclosure Vulnerability

isync is prone to prone to an information-disclosure vulnerability because the application fails to properly verify SSL certificates from a server.

An attacker can exploit this issue through man-in-the-middle attacks by impersonating a trusted server. This may allow the attacker to obtain or modify sensitive information. Information harvested may aid in further attacks.

isync versions 0.4 through 1.0.5 are vulnerable.


 

Privacy Statement
Copyright 2010, SecurityFocus