PT-2014-8715 · Processone+1 · Ejabberd+1

Weiss · Published 2014-10-23 · Updated 2016-04-11 · CVE-2014-8760

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ejabberd versions prior to 2.1.13

Description

The issue causes clients to establish connections without encryption when compression is used, due to the failure to enforce the starttls required setting.

Recommendations

For versions prior to 2.1.13, update to version 2.1.13 or later to resolve the issue. As a temporary workaround, consider disabling compression until a patch is available. Restrict access to unencrypted connections to minimize the risk of exploitation.

Fix

Weakness Enumeration

Related Identifiers

ALT-PU-2016-1317
CVE-2014-8760
DLA-881-1
MGASA-2014-0417

Affected Products

Alt Linux
Ejabberd