Computer Security
[EN] securityvulns.ru no-pyccku


Snack insufficient certificate check
Published:11.08.2014
Source:
SecurityVulns ID:13921
Type:library
Threat Level:
5/10
Description:Server hostname is not checked.
Affected:SMACK : smack 4.0
CVE:CVE-2014-5075 (The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.)
Original documentdocumentGeorg Lukas, CVE-2014-5075 MitM Vulnerability in the Smack XMPP Library for Java (11.08.2014)

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod