Enterprise communications at risk due to trivial MitM attack

Jan 4, 2016 19:09 GMT

Cisco's Jabber client for Windows is affected by a serious security vulnerability that lets an attacker on the network path downgrade the STARTTLS negotiation and force the XMPP session to run in cleartext, exposing the user's private conversations and login credentials.

Security researchers Renaud Dubourguais and Sébastien Dudek from Synacktiv discovered the flaw (CVE-2015-6409), which affects versions 10.6.x, 11.0.x, and 11.1.x of Cisco's Jabber client for Windows, an XMPP client used mainly in larger enterprises.

According to a technical write-up the two published in December, an attacker only needs a basic MitM (Man-in-the-Middle) position between the client and the server; by tampering with the initial exchange, they can trick the Windows client into sending sensitive information in the clear.

Attackers could obtain the victim's username and password, conversations, and file transfers. Besides eavesdropping, an attacker in the MitM position can also alter messages as they pass through.

As the two explain, the attack works because the Windows client did not enforce TLS: it simply trusted whatever the server announced at the start of the session. If the STARTTLS offer never arrives, because a MitM stripped it from the server's initial stream features, the client carries on and authenticates over the unencrypted stream instead of refusing to continue.
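The exchange described above, modelled as an added example (this is not Synacktiv's proof-of-concept nor Cisco's code; the stream-features XML, the user name and the password are constructed for the demonstration). A MitM removes the `<starttls/>` element from the server's `<stream:features>`; a client that only negotiates TLS when offered then sends SASL PLAIN credentials in cleartext, while a client that fails closed when STARTTLS is missing never leaks them:

```python
import base64
import xml.etree.ElementTree as ET

NS_STREAM = "http://etherx.jabber.org/streams"
NS_TLS = "urn:ietf:params:xml:ns:xmpp-tls"
NS_SASL = "urn:ietf:params:xml:ns:xmpp-sasl"
ET.register_namespace("stream", NS_STREAM)

# Constructed sample of the <stream:features> a server sends right after the
# stream header (RFC 6120 section 5.4.1): STARTTLS is offered before SASL.
SERVER_FEATURES = (
    f'<stream:features xmlns:stream="{NS_STREAM}">'
    f'<starttls xmlns="{NS_TLS}"><required/></starttls>'
    f'<mechanisms xmlns="{NS_SASL}"><mechanism>PLAIN</mechanism></mechanisms>'
    "</stream:features>"
)


def mitm_strip_starttls(features_xml: str) -> str:
    """An attacker between client and server rewrites the server's features so
    that TLS is never offered. Everything after this point is cleartext XML
    the attacker can read and modify."""
    root = ET.fromstring(features_xml)
    for child in list(root):
        if child.tag == f"{{{NS_TLS}}}starttls":
            root.remove(child)
    return ET.tostring(root, encoding="unicode")


def client_session(features_xml: str, username: str, password: str,
                   require_tls: bool) -> dict:
    """Simulates the client's decision after reading <stream:features>.

    require_tls=False models the flawed behaviour: TLS is negotiated only if
    the peer happens to offer it; otherwise the client carries on and sends
    SASL PLAIN credentials on the cleartext stream.
    require_tls=True is the hardened behaviour: fail closed when STARTTLS is
    missing, before any credential leaves the machine.
    Returns {"tls": bool, "cleartext": [stanzas sent unencrypted]}.
    """
    root = ET.fromstring(features_xml)
    offers_tls = root.find(f"{{{NS_TLS}}}starttls") is not None
    if offers_tls:
        # Client sends <starttls/>, server answers <proceed/>, the handshake
        # runs, and authentication happens inside the TLS session.
        return {"tls": True, "cleartext": []}
    if require_tls:
        raise ConnectionError(
            "server did not offer STARTTLS; refusing to authenticate")
    # SASL PLAIN (RFC 4616): base64(authzid NUL authcid NUL passwd).
    token = base64.b64encode(f"\0{username}\0{password}".encode()).decode()
    auth = f'<auth xmlns="{NS_SASL}" mechanism="PLAIN">{token}</auth>'
    return {"tls": False, "cleartext": [auth]}


def recover_plain_credentials(cleartext: list):
    """What the attacker learns from a captured cleartext <auth/> stanza."""
    for stanza in cleartext:
        el = ET.fromstring(stanza)
        if el.tag == f"{{{NS_SASL}}}auth" and el.get("mechanism") == "PLAIN":
            _authzid, user, pw = base64.b64decode(el.text).decode().split("\0")
            return user, pw
    return None


if __name__ == "__main__":
    downgraded = mitm_strip_starttls(SERVER_FEATURES)
    leak = client_session(downgraded, "alice", "s3cret", require_tls=False)
    print("vulnerable client leaked:", recover_plain_credentials(leak["cleartext"]))
    try:
        client_session(downgraded, "alice", "s3cret", require_tls=True)
    except ConnectionError as exc:
        print("hardened client refused:", exc)
```

The hardened branch is the whole fix: the decision to require TLS must be made locally by the client (configuration or policy), not derived from what the peer advertises, because the advertisement is exactly what a MitM controls. A real client should also treat a `<failure/>` answer to its own `<starttls/>` the same way and abort rather than fall back.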

Cisco has fixed the issue in a subsequent release of the Jabber client for Windows. There is no workaround for the affected versions, so users who want to avoid having their conversations wiretapped should update right away.

The two researchers also provided proof-of-concept code.

UPDATE: Cisco has also released updated versions of Cisco Jabber for iPhone and iPad and Cisco Jabber for Android after discovering that versions 9.x, 10.6.x, 11.0.x, and 11.1.x of those clients are affected as well.
