The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Gajim
  • Gajim

Configuration 1 [-]

OR cpe:2.3:a:gajim:gajim:*:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.2:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.3:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.4:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.4.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.5:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.5.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.6:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.6.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.7:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.8:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.8.2:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.9:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.10:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.11:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.11.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.11.2:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.11.3:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.11.4:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.2:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.3:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.4:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.5:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.5:alpha1:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.12.5:beta1:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.13:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.13.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.13.2:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.13.3:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.13.4:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.14:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.14.1:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.14.2:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.14.3:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.14.4:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.15:*:*:*:*:*:*:*
cpe:2.3:a:gajim:gajim:0.15.1:*:*:*:*:*:*:*

No data.

References
Link Providers
http://security.gentoo.org/glsa/glsa-201401-02.xml cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2012/11/11/6 cve-icon cve-icon
https://trac.gajim.org/query?status=closed&group=resolution&milestone=0.15.3 cve-icon cve-icon
https://trac.gajim.org/ticket/7252 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-02-08T00:00:00

Updated: 2024-08-06T21:05:47.440Z

Reserved: 2012-10-24T00:00:00

Link: CVE-2012-5524

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2014-02-08T00:55:05.910

Modified: 2014-02-10T15:16:36.627

Link: CVE-2012-5524

cve-icon Redhat

No data.