Created: April 1, 2013
Updated: January 7, 2014
Description: From the Red Hat bugzilla:
A security flaw was found in the way Gajim, a Jabber client written in PyGTK, performed verification of invalid (broken / expired) X.509v3 SSL certificates (True was always returned as the return value, regardless of whether an error occurred during certificate validation or not). A rogue XMPP server could use this flaw to conduct a man-in-the-middle (MiTM) attack and trick the Gajim client into accepting the certificate even when it was invalid / should not be accepted.