Test ID:	1.3.6.1.4.1.25623.1.0.800833
Category:	General
Title:	Gizmo5 <= 3.1.0.79 SSL Certificate Validation Security Bypass Vulnerability - Linux
Summary:	Gizmo5 is prone to a security bypass vulnerability.
Description:	Summary: Gizmo5 is prone to a security bypass vulnerability. Vulnerability Insight: Error exists due to improper verification of SSL certificates which can be exploited by using man-in-the-middle techniques to spoof SSL certificates and redirect a user to a malicious Web site that would appear to be trusted. Vulnerability Impact: Successful exploitation will allow remote attackers to obtain sensitive information that could be used to launch further attacks against the victim's system. Affected Software/OS: Gizmo5 version 3.1.0.79 and prior on Linux. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2381 BugTraq ID: 35508 http://www.securityfocus.com/bid/35508 Bugtraq: 20090626 Gizmo SSL Certificate Vulnerability (Google Search) http://www.securityfocus.com/archive/1/504572/100/0/threaded http://secunia.com/advisories/35628 XForce ISS Database: gizmo5-ssl-security-bypass(51399) https://exchange.xforce.ibmcloud.com/vulnerabilities/51399
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.