CVE-2016-10027

2017-01-12T23:59:00
ID CVE-2016-10027
Type cve
Reporter cve@mitre.org
Modified 2017-01-18T19:49:00

Description

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.