Ignite Realtime · Smack · CVE-2016-10027
**Name of the Vulnerable Software and Affected Versions**
Smack versions prior to 4.1.9
**Description**
A race condition in the Smack XMPP library allows a man-in-the-middle attacker to bypass TLS protections by stripping the "starttls" feature from the server's response; the client then authenticates in cleartext even though the SecurityMode.required TLS setting has been set.
**Recommendations**
For versions prior to 4.1.9, update to version 4.1.9 or later, which resolves the issue. If updating is not immediately possible, consider disabling the XMPP library as a temporary workaround until a patch is available, and restrict access to sensitive data to minimize the risk of exploitation.
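As an added example (not code from the Smack project or from this advisory), the following Java snippet shows how an application built on the Smack 4.1 API can refuse to send credentials unless the connection is actually TLS-protected, as a defence-in-depth check alongside upgrading to 4.1.9. The hostnames, credentials and class name are placeholders.

```java
import java.io.IOException;

import org.jivesoftware.smack.AbstractXMPPConnection;
import org.jivesoftware.smack.ConnectionConfiguration;
import org.jivesoftware.smack.SmackException;
import org.jivesoftware.smack.XMPPException;
import org.jivesoftware.smack.tcp.XMPPTCPConnection;
import org.jivesoftware.smack.tcp.XMPPTCPConnectionConfiguration;

/**
 * Added example (not Smack project code): connect with SecurityMode.required
 * and refuse to authenticate unless the socket is really TLS-protected.
 * Written against the Smack 4.1 API; all names below are placeholders.
 */
public class RequireTlsBeforeLogin {

    // Constructed placeholder values; replace with real deployment settings.
    private static final String XMPP_DOMAIN = "example.org";
    private static final String XMPP_HOST = "xmpp.example.org";
    private static final String USERNAME = "alice";
    private static final String PASSWORD = "change-me";

    public static void main(String[] args) {
        XMPPTCPConnectionConfiguration config = XMPPTCPConnectionConfiguration.builder()
                .setServiceName(XMPP_DOMAIN)   // Smack 4.1 name; 4.2+ renamed this to setXmppDomain
                .setHost(XMPP_HOST)
                .setPort(5222)
                .setUsernameAndPassword(USERNAME, PASSWORD)
                // Tell Smack that STARTTLS is mandatory. On versions before 4.1.9 this
                // setting alone can be bypassed by the race described in CVE-2016-10027.
                .setSecurityMode(ConnectionConfiguration.SecurityMode.required)
                .build();

        AbstractXMPPConnection connection = new XMPPTCPConnection(config);
        try {
            // connect() performs stream setup and, when the server offers it, the
            // STARTTLS upgrade. No credentials are sent at this point.
            connection.connect();

            // Application-level check, independent of the library's own enforcement:
            // never authenticate over a connection that is not TLS-protected.
            if (!connection.isSecureConnection()) {
                System.err.println("Refusing to authenticate: connection to " + XMPP_HOST
                        + " is not TLS-protected (possible STARTTLS stripping)");
                connection.disconnect();
                return;
            }

            // Only now does the username/password leave the client.
            connection.login();
            System.out.println("Authenticated over TLS as " + connection.getUser());
        } catch (SmackException | IOException | XMPPException e) {
            System.err.println("XMPP connection failed: " + e.getMessage());
        } finally {
            if (connection.isConnected()) {
                connection.disconnect();
            }
        }
    }
}
```

The check sits between connect() and login() because that is the only point at which the application can intervene before credentials are transmitted; it does not replace the library fix in 4.1.9, which is what actually closes the race.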