Cryptographic Issues
CVE-2014-8760
Summary
ejabberd before 2.1.13 does not enforce the starttls_required setting when compression is used, which causes clients to establish connections without encryption.
- LOW
- NETWORK
- NONE
- NONE
- PARTIAL
- NONE
CWE-310 - Cryptographic Issues
Cryptographic issues is a category of weaknesses related to the design and implementation of the confidentiality and integrity of data. If not addressed, the weaknesses in this category can lead to data quality degradation.
References
Advisory Timeline
- Published