PT-2014-2336 · Gajim · Gajim

Y33T · Published 2014-02-08 · Updated 2014-02-10 · CVE-2012-5524

CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions: Gajim versions prior to 0.15.3

Description: The issue allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA, due to improper verification of SSL certificates by the _ssl_verify_callback function in tls_nb.py.

Recommendations: For versions prior to 0.15.3, update to version 0.15.3 or later to resolve the issue. As a temporary workaround, consider disabling the _ssl_verify_callback function until a patch is available. Restrict access to sensitive resources to minimize the risk of exploitation.


Weakness Enumeration

Related Identifiers

CVE-2012-5524

Affected Products

Gajim