The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published: 2013-09-23T20:00:00
Updated: 2024-08-06T15:04:48.332Z
Reserved: 2013-01-26T00:00:00
Link: CVE-2013-1431
Vulnrichment
No data.
NVD
Status : Modified
Published: 2013-09-23T20:55:07.230
Modified: 2024-11-21T01:49:34.170
Link: CVE-2013-1431
Redhat
No data.