Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2016-10027

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2016122...
CONFIRM: https://community.igni...
CONFIRM: https://github.com/ign...
CONFIRM: https://github.com/ign...
CONFIRM: https://issues.igniter...
FEDORA: FEDORA-2016-897a1e6698
BID: 95129

Launchpad.net

CVE 2016-10027

Related bugs

References