CVE-2009-3026 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-3026 PUBLISHED CVSS 5 MEDIUM

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

EPSS 0.53% · 66.9th percentile

Risk Scores

CVSS v2.0

5

EPSS Score

0.53%

66.9th percentile

Affected Products

Vendor	Product	Versions
pidgin	pidgin	2.6.0
n/a	n/a	n/a

Timeline

Aug 31, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

36368 vdb
http://developer.pidgin.im/viewmtn/revision/diff/312e056d702d29379ea61aea9d27765f127bc888/with/55897c4ce0787edc1e7721b7f4a9b5cbc8357279 url
http://developer.pidgin.im/ticket/8131 url
37071 third-party-advisory
[oss-security] 20090824 CVE id request: pidgin mailing-list
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=542891 url
pidgin-libpurple-weak-security(53000) vdb
oval:org.mitre.oval:def:5757 vdb
oval:org.mitre.oval:def:11070 vdb
https://nvd.nist.gov/vuln/detail/CVE-2009-3026 advisory

Open in Interactive Console →