CVE-2016-10027

Name of the Vulnerable Software and Affected Versions Smack versions prior to 4.1.9

Description A race condition in the XMPP library allows man-in-the-middle attackers to bypass TLS protections by stripping the "starttls" feature from a server response, triggering the use of cleartext for client authentication when the SecurityMode.required TLS setting has been set.

Recommendations For versions prior to 4.1.9, update to version 4.1.9 or later to resolve the issue. As a temporary workaround, consider disabling the use of the XMPP library until a patch is available. Restrict access to sensitive data to minimize the risk of exploitation.