CVE-2013-1431

Name of the Vulnerable Software and Affected Versions Telepathy Gabble versions prior to 0.16.6 Telepathy Gabble versions 0.17.x prior to 0.17.4

Description The issue allows remote attackers to bypass TLS verification, potentially leading to man-in-the-middle attacks when connecting to a "legacy Jabber server". This could compromise the confidentiality, integrity, and availability of protected information. The exploitation of this issue can be done remotely.

Recommendations For Telepathy Gabble versions prior to 0.16.6, update to version 0.16.6 or later. For Telepathy Gabble versions 0.17.x prior to 0.17.4, update to version 0.17.4 or later. As a temporary workaround, consider restricting access to the Wocky module until a patch is available.