Ignite Realtime Smack 'Hostname' Verification SSL Certificate Security Bypass Vulnerability

Bugtraq ID:	69064
Class:	Design Error
CVE:	CVE-2014-5075
Remote:	Yes
Local:	No
Published:	Aug 06 2014 12:00AM
Updated:	Jul 15 2015 12:45AM
Credit:	Georg Lukas
Vulnerable:
Not Vulnerable:

Ignite Realtime Smack 'Hostname' Verification SSL Certificate Security Bypass Vulnerability

Smack is prone to a security-bypass vulnerability.

Successfully exploiting this issue allows attackers to perform man-in-the-middle attacks or impersonate trusted servers, which will aid in further attacks.

Smack versions prior to 4.0.2 are vulnerable.

Ignite Realtime Smack 'Hostname' Verification SSL Certificate Security Bypass Vulnerability

An attacker can use readily available tools to exploit this issue.

Ignite Realtime Smack 'Hostname' Verification SSL Certificate Security Bypass Vulnerability

Solution:
Updates are available. Please see the references or vendor advisory for more information.

Ignite Realtime Smack 'Hostname' Verification SSL Certificate Security Bypass Vulnerability

References: