
gajim: man-in-the-middle attack

Package(s): gajim
CVE #(s): CVE-2012-5524
Created: April 1, 2013
Updated: January 7, 2014
Description: From the Red Hat bugzilla:

A security flaw was found in the way Gajim, a Jabber client written in PyGTK, performed verification of invalid (broken / expired) X.509v3 SSL certificates (True was always returned as the return value, regardless of whether an error occurred during certificate validation or not). A rogue XMPP server could use this flaw to conduct a man-in-the-middle (MiTM) attack and trick the Gajim client into accepting the certificate even when it was invalid / should not be accepted.

Gentoo 201401-02 gajim 2014-01-06
Fedora FEDORA-2013-4210 gajim 2013-03-30
Fedora FEDORA-2013-4205 gajim 2013-03-30
Mageia MGASA-2013-0111 gajim 2013-04-06
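
The flaw class in the description above, shown as an added example that is not Gajim's code: a verification callback that always returns True next to one that records the error and vetoes the handshake. The five-argument callback shape follows pyOpenSSL's verify callback; `run_chain_verification`, `RecordingVerifier` and the event lists are hypothetical stand-ins constructed for this illustration.

```python
"""Model of an OpenSSL-style verify callback contract (constructed example)."""

# Real OpenSSL X509_V_* codes, used in the constructed events below.
X509_V_OK = 0
X509_V_ERR_CERT_HAS_EXPIRED = 10
X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT = 18


def verify_cb_always_true(conn, cert, errnum, depth, ok):
    """Flawed pattern from the description: the validation result is discarded."""
    return True


class RecordingVerifier:
    """Hardened pattern: record every failure and refuse to continue."""

    def __init__(self):
        self.errors = []  # (depth, errnum) pairs, kept for logs or a user prompt

    def __call__(self, conn, cert, errnum, depth, ok):
        if not ok or errnum != X509_V_OK:
            self.errors.append((depth, errnum))
            return False
        return True


def run_chain_verification(events, callback):
    """Hypothetical stand-in for the TLS library: call the callback once per
    certificate in the chain and abort as soon as it returns a false value."""
    for depth, subject, errnum in events:
        ok = errnum == X509_V_OK
        if not callback(None, subject, errnum, depth, ok):
            return False  # handshake aborted
    return True  # handshake continues; peer is treated as authenticated


# Constructed events: (depth, subject, errnum), issuer first, leaf last.
EXPIRED_LEAF = [(1, "CN=Example CA", X509_V_OK),
                (0, "CN=xmpp.example.org", X509_V_ERR_CERT_HAS_EXPIRED)]
SELF_SIGNED = [(0, "CN=xmpp.example.org", X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT)]
VALID_CHAIN = [(1, "CN=Example CA", X509_V_OK),
               (0, "CN=xmpp.example.org", X509_V_OK)]

if __name__ == "__main__":
    cases = [("expired", EXPIRED_LEAF), ("self-signed", SELF_SIGNED), ("valid", VALID_CHAIN)]
    for name, events in cases:
        strict = RecordingVerifier()
        print(name, run_chain_verification(events, verify_cb_always_true),
              run_chain_verification(events, strict), strict.errors)
```

A regression test for a client with this kind of callback should feed it at least one failing event per error class and assert that the handshake is refused.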

