Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

  • -

Cisco Jabber Client Found Vulnerable to STARTTLS downgrade attack

Category : CyberSecurity , DataBreach

Researchers at Synacktiv have found that the Cisco Jabber
client is vulnerable to a STARTTLS downgrade attack. The vulnerability
manifests due to a failure to validate if a XMPP connection has been
established over TLS. A man-in-the-middle attacker could exploit this
flaw and tamper with the XMPP connection to avoid TLS negotiation,
causing the client to establish a XMPP connection over cleartext. Cisco
has released a security advisory and updated software to address this
vulnerability.

Article; Cisco


Search

Innovice-IT on Twitter

  1. Bas Eikelenboom

  2. Bas Eikelenboom
    Bas Eikelenboom: RT @RidT: A few observations on today's "online escalation" New York Times story. I see lots of people making assumptions and jumping to co…

  3. Bas Eikelenboom
    Bas Eikelenboom: RT @bellingcat: Bellingcat's @Timmi_Allen put together the following video demonstrating how various images of the Kokuka Courageous match…

  4. Bas Eikelenboom
    Bas Eikelenboom: RT @InfoSecHotSpot: AI and 5G will create an explosion in cybersecurity risks, says FBI agent and general counsel at $50 billion firm https…

  5. Bas Eikelenboom

Archive

Categories