Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

  • -

Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

Category : CyberSecurity , DataBreach

Researchers at Synacktiv have found that the Cisco Jabber
client is vulnerable to a STARTTLS downgrade attack. The vulnerability
manifests due to a failure to validate if a XMPP connection has been
established over TLS. A man-in-the-middle attacker could exploit this
flaw and tamper with the XMPP connection to avoid TLS negotiation,
causing the client to establish a XMPP connection over cleartext. Cisco
has released a security advisory and updated software to address this
vulnerability.

Article; Cisco


Search

Innovice-IT on Twitter

  1. Bas Eikelenboom
    Bas Eikelenboom: RT @remco_verhoef: Using Marija you can identify (malicious) anomalies in @awscloud by exploring and visualising CloudTrails over multiple…

  2. Bas Eikelenboom
    Bas Eikelenboom: RT @cryptoron: Dit kan best wel eens waardevol worden https://t.co/ERZ36yWRSI

  3. Bas Eikelenboom
    Bas Eikelenboom: RT @AIVD: De tweede (en laatste) teaservraag voor de AIVD kerstpuzzel 2018. Met de juiste oplossing krijg je toegang tot de eerste editie v…

  4. Bas Eikelenboom
    Bas Eikelenboom: RT @busnssprotect: https://t.co/m8LudSPR38 - Meerderheid consumenten stopt organisatie in de ban bij datalek: https://t.co/9egdVToUlX

  5. Bas Eikelenboom
    Bas Eikelenboom: RT @remco_verhoef: Host 77.127.93.192 (IL) is actively (but slowly) scanning for printers and VMware ESX servers using Service Location Pro…

Archive

Categories