Enterprise communications at risk due to trivial MitM attack.Cisco’s Jabber client for Windows is plagued by a serious security vulnerability that allows attackers to downgrade STARTTLS settings and force communications to take place via cleartext, exposing a user’s private conversations and stealing his login credentials.
Security researchers Renaud Dubourguais and Sébastien Dudek from Synacktiv discovered the flaw (CVE-2015-6409), which affects versions 10.6.x, 11.0.x, and 11.1.x of Cisco’s Jabber client for Windows, an XMPP client used mainly in larger enterprises.
According to a technical write-up the two penned in December, an attacker could carry out a simple MitM (Man-in-the-Middle) attack, placing itself between the client and the server, and using the flaw in the Windows client, trick the desktop application into exposing sensitive information.
Attackers could theoretically obtain the victim’s login and password information, conversations, and file transfers. Besides eavesdropping on conversations, attackers would have also had the capability to alter messages passing through the MitM control point.
As the two explain, the attack was possible because the Windows client did not double-check with the server if the connection was started via TLS, and only listened to the initial commands it received.
Cisco patched the issue with the release of the Cisco Jabber client for Windows, version 1.0. For users running the affected versions, there’s no patch or workaround available, and to avoid having conversations wiretapped by unknown attackers, they should update right away.
The two researchers also provided proof-of-concept code.
Cisco Jabber for Windows STARTTLS Downgrade Vulnerability