Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack


Category: CyberSecurity, DataBreach

Researchers at Synacktiv have found that the Cisco Jabber
client is vulnerable to a STARTTLS downgrade attack. The vulnerability
arises because the client fails to validate that an XMPP connection has
been established over TLS. A man-in-the-middle attacker could exploit
this flaw by tampering with the XMPP connection to avoid TLS negotiation,
causing the client to establish an XMPP connection in cleartext. Cisco
has released a security advisory and updated software to address this
vulnerability.
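
The failure class described above, as an added example that is not Cisco Jabber's code and is not taken from the advisory: a client-side decision on the server's stream features, first in an opportunistic form that falls back to cleartext and then in a strict form that refuses to. The function names and the sample stanzas are hypothetical and constructed for illustration; the XML namespaces are the standard XMPP ones.

```python
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"

# Constructed sample: features a server sends before TLS is negotiated.
FEATURES_WITH_STARTTLS = (
    f'<stream:features xmlns:stream="{NS_STREAM}">'
    f'<starttls xmlns="{NS_TLS}"><required/></starttls>'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>PLAIN</mechanism></mechanisms>'
    '</stream:features>'
)
# Constructed sample: the same stanza as a client would see it once the
# <starttls/> offer has been removed in transit.
FEATURES_STRIPPED = FEATURES_WITH_STARTTLS.replace(
    f'<starttls xmlns="{NS_TLS}"><required/></starttls>', "")


class TLSRequiredError(Exception):
    """The session would continue without TLS."""


def offers_starttls(features_xml: str) -> bool:
    """Return True if the stream:features stanza advertises STARTTLS."""
    root = ET.fromstring(features_xml)
    if root.tag != f"{{{NS_STREAM}}}features":
        raise ValueError("expected a stream:features element")
    return root.find(f"{{{NS_TLS}}}starttls") is not None


def next_step_opportunistic(features_xml: str) -> str:
    # Flawed: a missing offer is treated as "server has no TLS", so
    # authentication proceeds in cleartext.
    return "starttls" if offers_starttls(features_xml) else "authenticate"


def next_step_strict(features_xml: str, tls_active: bool) -> str:
    # Hardened: authentication is reachable only once TLS is active.
    if tls_active:
        return "authenticate"
    if offers_starttls(features_xml):
        return "starttls"
    raise TLSRequiredError("no STARTTLS offer; refusing cleartext session")
```

The strict form ties the decision to the state of the transport (`tls_active`) rather than to what the peer advertises, which is the validation the article says was missing.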

Article; Cisco

