Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-01-12T23:00:00
Updated: 2024-08-06T03:07:31.883Z
Reserved: 2016-12-22T00:00:00
Link: CVE-2016-10027
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-01-12T23:59:00.197
Modified: 2024-11-21T02:43:06.770
Link: CVE-2016-10027
Redhat