In words.protocols.jabber.xmlstream in Twisted through 19.2.1, XMPP support did not verify certificates when used with TLS, allowing an attacker to MITM connections.
The product does not validate, or incorrectly validates, a certificate.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Twisted | Twisted | * | 19.2.1 (including) |
Twisted | Ubuntu | bionic | * |
Twisted | Ubuntu | cosmic | * |
Twisted | Ubuntu | devel | * |
Twisted | Ubuntu | disco | * |
Twisted | Ubuntu | eoan | * |
Twisted | Ubuntu | trusty | * |
Twisted | Ubuntu | trusty/esm | * |
Twisted | Ubuntu | xenial | * |
Twisted-py3 | Ubuntu | trusty | * |