EUVD-2015-6351

Malware in sbrugna...

Mozilla: Downgrade attack on SMTP STARTTLS connections

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

Mozilla: Downgrade attack on SMTP STARTTLS connections

Thunderbird ignored the configuration to require STARTTLS security for an SMTP connection. A MITM could perform a downgrade attack to intercept transmitted messages, or could take control of the authenticated session to execute SMTP commands chosen by the MITM. If an unprotected authentication...

Cisco Jabber STARTTLS Downgrade Vulnerability - Windows

Cisco Jabber is prone to STARTTLS downgrade vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:cisco:jabber";...

Cisco Jabber for Windows 8.x / 9.x / 10.x / 11.0.x / 11.1.x XMPP Connection MitM STARTTLS Downgrade (cisco-sa-20151224-jab)

The version of Cisco Jabber for Windows installed on the remote host is 8.x, 9.x, 10.x, 11.0.x, or 11.1.x prior to 11.5. It is, therefore, affected by man-in-the-middle STARTTLS downgrade vulnerability due to improper checks to ensure the Extensible Messaging and Presence Protocol XMPP connection...

CVE-2015-6409

Cisco Jabber for Windows (affected: 10.6.x, 11.0.x, 11.1.x) is vulnerable to a STARTTLS downgrade in XMPP due to improper verification of TLS, enabling MITM to force cleartext XMPP sessions. Exploitation details are not provided in the sources. Cisco indicates software updates will address the vu...