Описание
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 1:2.6.5-1ubuntu1 |
| hardy | released | 1:2.4.1-1ubuntu2.8 |
| intrepid | released | 1:2.5.2-0ubuntu1.6 |
| jaunty | released | 1:2.5.5-1ubuntu8.5 |
| karmic | not-affected | 1:2.6.2-1ubuntu7 |
| upstream | needs-triage |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly oth ...
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.
Уязвимости операционной системы Red Hat Enterprise Linux, позволяющие удаленному злоумышленнику нарушить доступность защищаемой информации
EPSS
5 Medium
CVSS2