Content

Cisco says chat client vulnerable to man-in-the-middle attack

Californian tech giant Cisco has released an advisory statement explaining that its chat client Jabbar is currently vulnerable to a man-in-the-middle attack.

Found in the Windows client of Jabbar, the vulnerability could allow an unauthenticated, remote attacker to perform a STARTTLS downgrade attack.

Discovered by Renaud Dubourguais and Sébastien Dudek from Synacktiv, a French cyber-security firm, versions affected include the 10.6.x, 11.0.x, and 11.1.x releases.

Currently the client does not verify that the Extensible Messaging and Presence Protocol (XMPP) connection has been established with Transport Layer Security (TLS).

XMPP enables the near-real-time exchange of structured yet extensible data between any two or more network entities.

Speaking to SCMagazineUK.com, Renaud Dubourguais explained, “Cisco Jabber is installed on an employee's computer and configured to connect to a Jabber server deployed by the company. During the connection process, a XMPP negotiation occurs to decide if they have to use a secured communication (TLS) or not which is where the vulnerability is. Once the negotiation is done, the client sends the company login details through XMPP messages to authenticate the employee and chats can start."

This means that subsequently, the attacker could cause the client to establish a plaintext XMPP connection. The report from Synacktiv says, “A successful exploitation could allow anyone to wiretap communications, steal user credentials, but also tamper messages sent between the client and the Jabber gateway.”

Cisco has released software updates that address this vulnerability, but as there are currently no workarounds available, the only way to make sure end users are protected would be to make sure their Jabber client is fully patched and up to date.

Gavin Millard, chief technical officer EMEA at Tenable Network Security commented, “To finish off the year of multiple downgrade attacks against SSL/TLS, the recently announced Cisco Jabber client issue is similar to many we've experienced in 2015. 

"As with many of the downgrade vulnerabilities, an attacker could manipulate the communication path to force a lower level of encryption between the client and server, making it easier to gain visibility into the data flow. What is of concern in this particular example though, is the fact the downgrade is to cleartext rather than a less secure implementation of SSL.” 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.