Gizmo SSL Certificate Vulnerability I. The Vulnerability Gizmo does not check SSL certificate before sending user credentials. An attacker is able to obtain username and password with a spoofed certificate and no alert is generated to the user. This vulnerability was found in Gizmo for Linux 3.1.0.79. Other versions may also be affected. II. Disclosure Timeline 06/19/2009 - Vendor contact. 06/26/2009 - No answer. Public Disclosure. III. Vendor http://gizmo5.com/ IV. Credit Gabriel Menezes Nunes <gab.mnunes [at] gmail (dot) com>
