[guardian-dev] Smack SSL MiTM Vuln and ChatSecure beta fix
Nathan of Guardian
nathan at guardianproject.info
Tue Aug 5 16:59:58 EDT 2014
Thanks to Georg of Yaxim for his great work on this, both technically
and in coordinating with us.
"Smack is an Open Source XMPP (Jabber) client library for instant
messaging and presence written in Java. Smack prior to version 4.0.2 is
vulnerable to TLS Man-in-the-Middle attacks, as it fails to check if the
server certificate matches the hostname of the connection."
Our fix for ChatSecure:Android
is included in the new ChatSecure 13.2.0 beta out today, which is near
enough to stable, that we recommend an upgrade:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 884 bytes
Desc: OpenPGP digital signature
More information about the Guardian-dev