[Pidgin] #3381: XMPP TLS and (old) SSL man-in-the-middle attack
Pidgin
trac at pidgin.im
Sat Aug 2 23:11:49 EDT 2008
#3381: XMPP TLS and (old) SSL man-in-the-middle attack
-------------------------+--------------------------------------------------
Reporter: bluefoxicy | Owner: wehlhard
Type: defect | Status: new
Priority: minor | Milestone:
Component: XMPP | Version: 2.2.0
Resolution: | Keywords:
Pending: 0 |
-------------------------+--------------------------------------------------
Comment (by LouCipher):
This issue applies only to the NSS library. Unfortunately, Debian
mistakenly started using NSS - see this Debian bug: http://bugs.debian.org
/cgi-bin/bugreport.cgi?bug=401567
This means that many people using Debian derivatives could have
compromised potentially valuable passwords, since the PLAIN mechanism is
often used over TLS.
I recommend that the NSS plugin be removed from production releases.
--
Ticket URL: <http://developer.pidgin.im/ticket/3381#comment:5>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list