PT-2014-3592 · Ignite Realtime · Smack Xmpp Api

Florian Schmaus +1 · Published 2014-04-30 · Updated 2021-02-23 · CVE-2014-0363

CVSS v2.0: 5.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

Smack XMPP API versions prior to 4.0.0-rc1

Description

The issue concerns the ServerTrustManager component, which fails to verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers. This allows attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Recommendations

For versions prior to 4.0.0-rc1, update to version 4.0.0-rc1 or later to resolve the issue.
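
The two checks named in the description, as an added example (not Smack's code or its fix): a simplified Python model of RFC 5280 basicConstraints and dNSName nameConstraints processing over constructed certificate records. The `Cert` class, the function names and the sample chains are assumptions made for illustration; signature, validity and revocation checks are out of scope here.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Cert:
    """Constructed stand-in for the X.509 fields these checks read."""
    subject: str
    issuer: str
    dns_names: List[str] = field(default_factory=list)  # subjectAltName dNSName
    is_ca: bool = False                        # basicConstraints cA
    path_len: Optional[int] = None             # basicConstraints pathLenConstraint
    permitted_dns: Optional[List[str]] = None  # nameConstraints permittedSubtrees

def in_subtree(name: str, base: str) -> bool:
    # dNSName constraint: the base itself, or the base with labels added on the left.
    name, base = name.lower(), base.lstrip(".").lower()
    return name == base or name.endswith("." + base)

def chain_errors(chain: List[Cert]) -> List[str]:
    """chain[0] is the server certificate; every later entry issued the one before it."""
    errors = []
    for i in range(1, len(chain)):
        issuer, below = chain[i], chain[i - 1]
        if below.issuer != issuer.subject:
            errors.append(f"{below.subject}: not issued by {issuer.subject}")
        if not issuer.is_ca:
            errors.append(f"{issuer.subject}: basicConstraints cA is not set")
        # pathLenConstraint limits how many intermediates may sit beneath this CA.
        if issuer.path_len is not None and i - 1 > issuer.path_len:
            errors.append(f"{issuer.subject}: pathLenConstraint exceeded")
        if issuer.permitted_dns is None:
            continue
        # nameConstraints bind every certificate beneath the constraining CA.
        for name in (n for c in chain[:i] for n in c.dns_names):
            if not any(in_subtree(name, b) for b in issuer.permitted_dns):
                errors.append(f"{name}: outside nameConstraints of {issuer.subject}")
    return errors

# Constructed sample chains (names are illustrative only).
ROOT = Cert("Root CA", "Root CA", is_ca=True)
DEPT = Cert("Dept CA", "Root CA", is_ca=True, path_len=0, permitted_dns=["example.org"])
GOOD = [Cert("xmpp.example.org", "Dept CA", ["xmpp.example.org"]), DEPT, ROOT]
# An end-entity certificate (cA not set) placed in the issuer position.
NOT_CA = [Cert("xmpp.example.org", "site.example.net", ["xmpp.example.org"]),
          Cert("site.example.net", "Root CA", ["site.example.net"]), ROOT]
# A CA constrained to example.org issuing for a name outside that subtree.
OUT_OF_SCOPE = [Cert("xmpp.example.com", "Dept CA", ["xmpp.example.com"]), DEPT, ROOT]
```

A validator that skips these two checks would accept all three chains; with them, only `GOOD` yields no errors.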

Fix

Improper Certificate Validation

Weakness Enumeration

Related Identifiers

CVE-2014-0363
MGASA-2014-0548

Affected Products

Smack Xmpp Api