Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The _ssl_verify_callback function in tls_nb.py in Gajim before 0.15.3 does not properly verify SSL certificates, which allows remote attackers to conduct man-in-the-middle (MITM) attacks and spoof servers via an arbitrary certificate from a trusted CA.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Gajim ‘_ssl_verify_callback()’函数SSL证书验证欺骗漏洞
Vulnerability Description
Gajim是Gajim项目开发的一套基于Jabber通讯协定的自由即时通讯软件。该软件采用GTK+套件编写而成,支持分页聊天窗口、小组讨论、表情图案等。 Gajim 0.15.3之前的版本中的tls_nb.py文件中的‘_ssl_verify_callback’函数中存在安全漏洞,该漏洞源于程序没有正确验证SSL证书。远程攻击者可借助任意可信的CA证书利用该漏洞实施中间人攻击欺骗服务器。
CVSS Information
N/A
Vulnerability Type
N/A