CVE-2016-10376

CVE-2016-10376 · LOW Severity

AV:N/AC:M/AU:S/C:P/I:N/A:N

Gajim through 0.16.7 unconditionally implements the "XEP-0146: Remote Controlling Clients" extension. This can be abused by malicious XMPP servers to, for example, extract plaintext from OTR encrypted sessions.

Learn more about our Cis Benchmark Audit For Server Software.