Cisco announces security vulnerability in its Jabber for Windows app

January 4, 2016

Earlier today, Cisco announced a new security vulnerability in its Jabber for Windows app. This is the second time the company has issued a security bulletin for its Jabber solution.

The security advisory suggests that users of Jabber for Windows version 10.6.x through to 11.1.x upgrade, since those particular versions are vulnerable to a STARTTLS 'man-in-the-middle' downgrade attack.

“The client does not verify that the Extensible Messaging and Presence Protocol (XMPP) connection has been established with Transport Layer Security (TLS), thus an attacker could easily exploit this vulnerability by performing a man in the middle attack to tamper with the XMPP connection and avoid the TLS negotiation,” the advisory states.

A successful exploit would leave the vulnerable clients communicating in the clear, hence the gravity of this security issue.

Synacktiv, which discovered the problem, writes that its researchers Renaud Dubourguais and Sébastien Dudek found the security issue.

If an attacker controls a WiFi hotspot the client is connected to, it is easy to force-drop the STARTTLS request from the server, leaving the client chatting in plain text for everyone to see.

And by negotiating its own SSL session with the server, the attacker can trick the server into thinking that the session is secured, so it won't raise any warnings to the client.
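The missing check can be shown as client-side policy. The following is an added example, not Cisco's code or code from the advisory: it contrasts a client that uses TLS only when the server's stream features offer it with one that fails closed. The function names, the `TLSRequiredError` class and the sample stanzas are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"  # STARTTLS namespace (RFC 6120)

# Constructed sample: stream features as an XMPP server would send them.
FEATURES_FROM_SERVER = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<starttls xmlns="urn:ietf:params:xml:ns:xmpp-tls"><required/></starttls>'
    '</stream:features>'
)
# Constructed sample: the same stanza with the <starttls/> offer removed in transit.
FEATURES_STRIPPED = (
    '<stream:features xmlns:stream="http://etherx.jabber.org/streams">'
    '<mechanisms xmlns="urn:ietf:params:xml:ns:xmpp-sasl">'
    '<mechanism>PLAIN</mechanism></mechanisms>'
    '</stream:features>'
)


class TLSRequiredError(Exception):
    """Raised instead of continuing on an unencrypted stream."""


def offers_starttls(features_xml):
    """Return True if the stream features advertise STARTTLS."""
    root = ET.fromstring(features_xml)
    return root.find(f"{{{NS_TLS}}}starttls") is not None


def next_step_opportunistic(features_xml):
    """Behaviour the advisory describes: TLS is used only if it is offered."""
    if offers_starttls(features_xml):
        return "starttls"
    return "authenticate-in-clear"  # silent downgrade, no warning to the user


def next_step_tls_required(features_xml, tls_established=False):
    """Fail closed: never move on to authentication without TLS."""
    # In a real client, tls_established would come from the state of the
    # socket after a verified handshake, not from a caller-supplied flag.
    if tls_established:
        return "authenticate"
    if offers_starttls(features_xml):
        return "starttls"
    raise TLSRequiredError("server did not offer STARTTLS; refusing plaintext")
```

Because the server cannot tell that the offer was removed on the way to the client, the enforcement has to live in the client, as in `next_step_tls_required`.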

Source: Cisco.

Copyright © Internet Security.ca