Openfire (ARCHIVED)

Wildcard server trust can be spoofed

Details

  • Type: Bug Bug
  • Status: Closed Closed
  • Priority: Major Major
  • Resolution: Fixed
  • Affects Version/s: None
  • Fix Version/s: 3.6.0
  • Component/s: Core
  • Labels:
    None
  • Acceptance Test - Add?:
    No

Description

Due to the method used to test against wildcard server trust certs, a dns hijack/poison attack can trick openfire into allowing the attack through.

Activity

There are no comments yet on this issue.

People

Vote (0)
Watch (0)

Dates

  • Created:
    Updated:
    Resolved:
Atlassian JIRA (v4.4.3#663-r165197) | Report a problem
Powered by a free Atlassian JIRA open source license for igniterealtime.org. Try JIRA - bug tracking software for your team.