Igniterealtime: >> Smack >> 4.1.5 Security Vulnerabilities
Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.
CVSS Score
5.9
EPSS Score
0.004
Published
2017-01-12