Cisco Jabber flaw allows MitM attackers to wiretap communications

A vulnerability in Cisco’s Jabber client for Windows can be exploited by attackers to wiretap communications, steal user credentials, and to tamper with messages sent between the client and the Jabber gateway, Synacktiv researchers have warned.

“The Cisco Jabber client supports STARTTLS negotiation in order to secure communications, but doesn’t check if this extension is required by the server, so an attacker performing a Man-In-The-Middle attack can drop the STARTTLS requirement to force the client to talk in clear-text without any warning,” Renaud Dubourguais and S├ębastien Dudek explained in a document offering a simple attack scenario (click on the screenshot to enlarge it):

They also published PoC code for exploiting the flaw.

The flaw (CVE-2015-6409) affects versions 10.6.x, 11.0.x, and 11.1.x of the popular enterprise secure communication tool and has been patched by Cisco in late December.

There are no workarounds for the issue, so users are advised to update the software in order to remain secure. The good news is that there is currently no evidence that the vulnerability has been exploited in the wild.

Jabber for Android, Blackberry, iOS, and OS X is not affected by the flaw.