pidgin
Page content
- Vulnerable: 2.4.3-1kalgan1
- Unaffected: 2.4.3-1kalgan2
A security issue has been reported in Pidgin, which can be exploited by malicious people to conduct spoofing attacks. The problem is that the certificate presented by e.g. a Jabber server at the beginning of an SSL session is not verified. This can be exploited to spoof valid servers via a man-in-the-middle attack. Successful exploitation requires that Pidgin is configured to use the NSS plugin.
- Bug Tracker URL: http://bugs.frugalware.org/task/3308