SSL Certificate Hostname Validation Bypass in Slixmpp XMLStream

CVE-2022-45197 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Slixmpp before 1.8.3 lacks SSL Certificate hostname validation in XMLStream, allowing an attacker to pose as any server in the eyes of Slixmpp.

Learn more about our Cis Benchmark Audit For Server Software.