Vulnerabilities

CVE-2014-0363

by Fred · 30/04/2014

The ServerTrustManager component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify basicConstraints and nameConstraints in X.509 certificate chains from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate chain.

Date published : 2014-04-30

http://www.securityfocus.com/bid/67119

http://www.kb.cert.org/vuls/id/489228

Similar

Tags: Cybersecurity Alert