EUVD-2016-7368

Malware in sbrugna...

EUVD-2009-1371

Malware in sbrugna...

Messaging Service Wiretap Discovered through Expired TLS Cert

Fascinating story of a covert wiretap that was discovered because of an expired TLS certificate: The suspected man-in-the-middle attack was identified when the administrator of jabber.ru, the largest Russian XMPP service, received a notification that one of the servers’ certificates had expired...

CVE-2022-26491

An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attack...

CVE-2017-6722

Cisco Unified Contact Center Express (UCCX) is affected by CVE-2017-6722 via its XMPP service. The issue allows an unauthenticated, remote attacker to masquerade as a legitimate user (Clear Text Authentication Vulnerability) due to how the XMPP service handles authentication. Affected release: 10...

Cisco Unified Contact Center Express Clear Text Authentication Vulnerability

A vulnerability in the Extensible Messaging and Presence Protocol XMPP service of Cisco Unified Contact Center Express UCCx could allow an unauthenticated, remote attacker to masquerade as a legitimate user. The vulnerability is due to the XMPP service incorrectly processing an unsecured HTTP por...