CVE-2016-10027 in Smack信息

摘要

由 MITRE

Race condition in the XMPP library in Smack before 4.1.9, when the SecurityMode.required TLS setting has been set, allows man-in-the-middle attackers to bypass TLS protections and trigger use of cleartext for client authentication by stripping the "starttls" feature from a server response.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

来源

Want to know what is going to be exploited?

We predict KEV entries!