Back to search
CVE-2013-1431
Published: Sep 23, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The Wocky module in Telepathy Gabble before 0.16.6 and 0.17.x before 0.17.4, when connecting to a "legacy Jabber server," does not properly enforce the WockyConnector:tls-required flag, which allows remote attackers to bypass TLS verification and perform a man-in-the-middle attacks.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20130530 CVE-2013-1431: telepathy-gabble: TLS bypass via use of legacy Jabber
mailing-list
x_refsource_MLIST
53779
third-party-advisory
x_refsource_SECUNIA
USN-1873-1
vendor-advisory
x_refsource_UBUNTU
https://bugs.freedesktop.org/show_bug.cgi?id=65036
x_refsource_CONFIRM
DSA-2702
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now