The Wocky module in Telepathy Gabble prior to 0.16.6 and 0.17.x prior to 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote malicious users to bypass TLS verification and perform a man-in-the-middle attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
simon mcvittie telepathy gabble |
||
simon mcvittie telepathy gabble 0.16.3 |
||
simon mcvittie telepathy gabble 0.16.1 |
||
simon mcvittie telepathy gabble 0.16.0 |
||
simon mcvittie telepathy gabble 0.17.3 |
||
simon mcvittie telepathy gabble 0.17.2 |
||
simon mcvittie telepathy gabble 0.17.1 |
||
simon mcvittie telepathy gabble 0.17.0 |
||
simon mcvittie telepathy gabble 0.16.4 |
||
simon mcvittie telepathy gabble 0.16.2 |