Ignite Realtime · Smack Xmpp Api · CVE-2014-0363
**Name of the Vulnerable Software and Affected Versions**
Smack XMPP API versions prior to 4.0.0-rc1
**Description**
The issue concerns the ServerTrustManager component, which fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers. This allows attackers to spoof servers and obtain sensitive information via a crafted certificate chain.
**Recommendations**
For versions prior to 4.0.0-rc1, update to version 4.0.0-rc1 or later to resolve the issue.