CVE-2013-1431

Published: 23/09/2013 | Updated: 08/11/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

The Wocky module in Telepathy Gabble prior to 0.16.6 and 0.17.x prior to 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote malicious users to bypass TLS verification and perform man-in-the-middle attacks.

Vulnerable Product

simon mcvittie telepathy gabble

simon mcvittie telepathy gabble 0.16.3

simon mcvittie telepathy gabble 0.16.1

simon mcvittie telepathy gabble 0.16.0

simon mcvittie telepathy gabble 0.17.3

simon mcvittie telepathy gabble 0.17.2

simon mcvittie telepathy gabble 0.17.1

simon mcvittie telepathy gabble 0.17.0

simon mcvittie telepathy gabble 0.16.4

simon mcvittie telepathy gabble 0.16.2

Vendor Advisories

Several security issues were fixed in telepathy-gabble ...
Maksim Otstavnov discovered that the Wocky submodule used by telepathy-gabble, the Jabber/XMPP connection manager for the Telepathy framework, does not respect the tls-required flag on legacy Jabber servers. A network intermediary could use this vulnerability to bypass TLS verification and perform a man-in-the-middle attack. For the oldstable distr ...