Spoofing Vulnerability in Apple iChat Server's XMPP Protocol
CVE-2012-4672

Currently unrated

Key Information:

Vendor: Apple
Status: Ichat Server
Vendor: CVE Published:; 25 August 2012

Summary

The Apple iChat Server contains a vulnerability related to the XMPP protocol, in which the server fails to properly verify requests for XMPP Server Dialback responses. This oversight allows malicious remote XMPP servers to forge domain responses for domains that were not originally asserted, potentially leading to unauthorized actions or data deception. Users of iChat Server should take precautionary measures to safeguard against the exploitation of this vulnerability.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/78133

vdb-entryx_refsource_XF

http://xmpp.org/resources/security-notices/server-dialback/

x_refsource_MISC

Timeline

Vulnerability published
Aug 25, 2012
Vulnerability Reserved
Aug 25, 2012