QwikSec

Security Database

CVE

CWE

Training

CVE-2014-0363

Published: Apr 30, 2014

Modified: Aug 6, 2024

PUBLISHED

Description

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://issues.igniterealtime.org/browse/SMACK-410

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

third-party-advisory

x_refsource_SECUNIA

vendor-advisory

x_refsource_REDHAT

third-party-advisory

x_refsource_CERT-VN

http://community.igniterealtime.org/blogs/ignite/2014/04/17/asmack-400-rc1-has-been-released

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.