Sign-up

ID

VAR-201408-0035


CVE

CVE-2013-7144


TITLE

Windows and Mac OS X Run on LINE Vulnerable to server impersonation

Trust: 0.8

sources: JVNDB: JVNDB-2013-006631

DESCRIPTION

LINE 3.2.1.83 and earlier on Windows and 3.2.1 and earlier on OS X does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. LINE is prone to a security-bypass vulnerability because the application fails to properly validate SSL certificates. Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks. NHN PlayArt LINE is a set of instant chat software developed by Japan NHN PlayArt Company. The software supports free calls, sending text messages and more. There are security vulnerabilities in NHN PlayArt LINE 3.2.1.83 and earlier versions based on Windows platform and NHN PlayArt LINE 3.2.1 and earlier versions based on OS X platform

Trust: 1.98

sources: NVD: CVE-2013-7144 // JVNDB: JVNDB-2013-006631 // BID: 69336 // VULHUB: VHN-67146

AFFECTED PRODUCTS

vendor:linecorpmodel:linescope:lteversion:3.2.1

Trust: 1.0

vendor:linecorpmodel:linescope:lteversion:3.2.1.83

Trust: 1.0

vendor:linemodel:linescope:lteversion:3.2.1 (mac os x)

Trust: 0.8

vendor:linemodel:linescope:lteversion:3.2.1.83 (windows)

Trust: 0.8

vendor:linecorpmodel:linescope:eqversion:3.2.1.83

Trust: 0.6

vendor:linecorpmodel:linescope:eqversion:3.2.1

Trust: 0.6

vendor:linemodel:linescope:eqversion:3.2.1.83

Trust: 0.3

vendor:linemodel:linescope:eqversion:3.2.1

Trust: 0.3

sources: BID: 69336 // JVNDB: JVNDB-2013-006631 // CNNVD: CNNVD-201408-261 // NVD: CVE-2013-7144

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-7144
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-7144
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201408-261
value: MEDIUM

Trust: 0.6

VULHUB: VHN-67146
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-7144
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-67146
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-67146 // JVNDB: JVNDB-2013-006631 // CNNVD: CNNVD-201408-261 // NVD: CVE-2013-7144

PROBLEMTYPE DATA

problemtype:CWE-310

Trust: 1.9

sources: VULHUB: VHN-67146 // JVNDB: JVNDB-2013-006631 // NVD: CVE-2013-7144

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201408-261

TYPE

encryption problem

Trust: 0.6

sources: CNNVD: CNNVD-201408-261

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2013-006631

PATCH
title:Top Pageurl:http://linecorp.com/
Trust: 0.8
title:Line_2014_325.1395901470url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51682
Trust: 0.6
title:LineInst3.6.0.32.1402034880url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51681
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2013-006631 // 
            
            
            
            CNNVD: CNNVD-201408-261

EXTERNAL IDS
db:NVDid:CVE-2013-7144
Trust: 2.8
db:JVNDBid:JVNDB-2013-006631
Trust: 0.8
db:CNNVDid:CNNVD-201408-261
Trust: 0.7
db:BIDid:69336
Trust: 0.4
db:VULHUBid:VHN-67146
Trust: 0.1
sources:
            
            
            VULHUB: VHN-67146 // 
            
            
            
            BID: 69336 // 
            
            
            
            JVNDB: JVNDB-2013-006631 // 
            
            
            
            CNNVD: CNNVD-201408-261 // 
            
            
            
            NVD: CVE-2013-7144

REFERENCES
url:https://www.thaicert.or.th/papers/general/2013/pa2013ge010.html
Trust: 2.8
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-7144
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-7144
Trust: 0.8
url:http://line.me/en/
Trust: 0.3
sources:
            
            
            VULHUB: VHN-67146 // 
            
            
            
            BID: 69336 // 
            
            
            
            JVNDB: JVNDB-2013-006631 // 
            
            
            
            CNNVD: CNNVD-201408-261 // 
            
            
            
            NVD: CVE-2013-7144

CREDITS
nu Sub Kittikul
Trust: 0.3
sources:
            
            
            BID: 69336

SOURCES
db:VULHUBid:VHN-67146
db:BIDid:69336
db:JVNDBid:JVNDB-2013-006631
db:CNNVDid:CNNVD-201408-261
db:NVDid:CVE-2013-7144

LAST UPDATE DATE
2025-04-12T23:19:52.888000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-67146date:2014-08-18T00:00:00
db:BIDid:69336date:2013-12-20T00:00:00
db:JVNDBid:JVNDB-2013-006631date:2014-08-19T00:00:00
db:CNNVDid:CNNVD-201408-261date:2014-08-19T00:00:00
db:NVDid:CVE-2013-7144date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:VULHUBid:VHN-67146date:2014-08-16T00:00:00
db:BIDid:69336date:2013-12-20T00:00:00
db:JVNDBid:JVNDB-2013-006631date:2014-08-19T00:00:00
db:CNNVDid:CNNVD-201408-261date:2014-08-19T00:00:00
db:NVDid:CVE-2013-7144date:2014-08-16T04:39:55.613