FreeBSD : telepathy-gabble -- TLS verification bypass (a3c2dee5-cdb9-11e2-b9ce-080027019be0)
Medium Nessus Plugin ID 66815
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSimon McVittie reports :
This release fixes a man-in-the-middle attack.
If you use an unencrypted connection to a 'legacy Jabber' (pre-XMPP) server, this version of Gabble will not connect until you make one of these configuration changes :
. upgrade the server software to something that supports XMPP 1.0; or
. use an encrypted 'old SSL' connection, typically on port 5223 (old-ssl); or
. turn off 'Encryption required (TLS/SSL)' (require-encryption).
SolutionUpdate the affected package.