Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

  • -

Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

Category : CyberSecurity , DataBreach

Researchers at Synacktiv have found that the Cisco Jabber
client is vulnerable to a STARTTLS downgrade attack. The vulnerability
manifests due to a failure to validate if a XMPP connection has been
established over TLS. A man-in-the-middle attacker could exploit this
flaw and tamper with the XMPP connection to avoid TLS negotiation,
causing the client to establish a XMPP connection over cleartext. Cisco
has released a security advisory and updated software to address this
vulnerability.

Article; Cisco


Search

Innovice-IT on Twitter

  1. Bas Eikelenboom
    Bas Eikelenboom: RT @Miltenburg_14: Sinterklaas helpen gestolen pakjes naar de kinderen terug te brengen #Sinterklaas #dankbaar #blijekinderen @PolitieUtrec

  2. Bas Eikelenboom
    Bas Eikelenboom: RT @Byte_Fighter: De politiechatbot Wout is actief! @Politie https://t.co/NInnWbzWdj

  3. Bas Eikelenboom
    Bas Eikelenboom: RT @UID_: Now all DNS goes via CloudFlare too. This thread is only getting longer, what the F are we doing?! When can I stop quoting this t…

  4. Bas Eikelenboom
    Bas Eikelenboom: RT @InfoSecHotSpot: Unfilled cybersecurity jobs are expected to reach 1.8 million by 2022, up 20 percent from 1.5 million in 2015, accordin…

  5. Bas Eikelenboom

Archive

Categories