CVE-2012-5524
Gajim < 0.15.3 - Man-in-the-Middle Attack via Improper SSL Certificate Verification
Title source: llmDescription
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
References (4)
Core 4
Core References
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-02.xml
Exploit, Patch x_refsource_confirm
https://trac.gajim.org/ticket/7252
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/11/6
Various Sources x_refsource_confirm
https://trac.gajim.org/query?status=closed&group=resolution&milestone=0.15.3
Scores
EPSS
0.0115
EPSS Percentile
63.1%
Details
CWE
CWE-20
Status
published
Products (43)
gajim/gajim
0.1
gajim/gajim
0.2
gajim/gajim
0.2.1
gajim/gajim
0.3
gajim/gajim
0.4
gajim/gajim
0.4.1
gajim/gajim
0.5
gajim/gajim
0.5.1
gajim/gajim
0.6
gajim/gajim
0.6.1
... and 33 more
Published
Feb 08, 2014
Tracked Since
Feb 18, 2026