CVE-2012-5524

Gajim < 0.15.3 - Man-in-the-Middle Attack via Improper SSL Certificate Verification

Title source: llm
STIX 2.1

Description

The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.

References (4)

Core 4
Core References
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201401-02.xml
Exploit, Patch x_refsource_confirm
https://trac.gajim.org/ticket/7252
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/11/11/6

Scores

EPSS 0.0115
EPSS Percentile 63.1%

Details

CWE
CWE-20
Status published
Products (43)
gajim/gajim 0.1
gajim/gajim 0.2
gajim/gajim 0.2.1
gajim/gajim 0.3
gajim/gajim 0.4
gajim/gajim 0.4.1
gajim/gajim 0.5
gajim/gajim 0.5.1
gajim/gajim 0.6
gajim/gajim 0.6.1
... and 33 more
Published Feb 08, 2014
Tracked Since Feb 18, 2026