This script is Copyright (C) 2011-2012 Tenable Network Security, Inc.
The remote instant messaging service allows plaintext command injection
while negotiating an encrypted communications channel.
The remote XMPP service contains a software flaw in its STARTTLS
implementation that could allow a remote, unauthenticated attacker to
inject commands during the plaintext protocol phase that will be
executed during the ciphertext protocol phase.
Successful exploitation could reveal a user's credentials, allowing an
attacker to impersonate them. This could lead to further attacks
involving social engineering.
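The flaw class described above, as an added example that is not part of the original plugin text or any vendor's code: a toy Python model in which bytes read before the TLS switch either stay in the receive buffer or are flushed. The `ToySession` class, the `replay` helper, the simplified `>`-delimited framing and the sample elements are assumptions made for illustration.

```python
# Added illustration, not a real XMPP parser: elements are split on ">" only.
STARTTLS = b"<starttls xmlns='urn:ietf:params:xml:ns:xmpp-tls'/>"

class ToySession:
    """Hypothetical server session: receive buffer plus plaintext/TLS state."""

    def __init__(self, flush_on_starttls):
        self.flush_on_starttls = flush_on_starttls
        self.buf = b""
        self.tls = False
        self.handled = []      # (element, treated_as_encrypted)
        self.discarded = b""   # cleartext bytes dropped at the switch

    def feed(self, data):
        """Append bytes from one network read and process whole elements."""
        self.buf += data
        while b">" in self.buf:
            head, _, self.buf = self.buf.partition(b">")
            element = head + b">"
            if element == STARTTLS and not self.tls:
                if self.flush_on_starttls:
                    # Hardened: nothing buffered in cleartext survives.
                    self.discarded, self.buf = self.buf, b""
                self.tls = True  # TLS handshake itself is not modelled
                continue
            self.handled.append((element, self.tls))


def replay(flush_on_starttls, wire_bytes):
    """Run one constructed cleartext read through a fresh session."""
    session = ToySession(flush_on_starttls)
    session.feed(wire_bytes)
    return session


# Constructed sample: one cleartext read carrying STARTTLS plus trailing bytes.
SAMPLE = b"<hello/>" + STARTTLS + b"<injected/>"

if __name__ == "__main__":
    for flush in (False, True):
        s = replay(flush, SAMPLE)
        print("flush" if flush else "no flush", s.handled, s.discarded)
```

Without the flush, the trailing element is recorded as if it had arrived over the encrypted channel even though it was read in cleartext; with the flush it is dropped at the switch.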
Contact the vendor to see if an update is available.
Risk factor : Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.3
Public Exploit Available : true
Nessus Plugin ID: 54844
Bugtraq ID: 46767