CVE-2009-3026

CVSS 5.0 - MEDIUM
Description

protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect to the server without the expected encryption and allows remote attackers to sniff sessions.

Affected Products
1
Vendor Product Version
pidgin pidgin 2.6.0
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
http://developer.pidgin.im/ticket/8131
http://developer.pidgin.im/viewmtn/revision/diff/3...
http://secunia.com/advisories/37071
http://www.openwall.com/lists/oss-security/2009/08...
http://www.securityfocus.com/bid/36368
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
https://oval.cisecurity.org/repository/search/defi...
https://oval.cisecurity.org/repository/search/defi...
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=5...
http://developer.pidgin.im/ticket/8131
http://developer.pidgin.im/viewmtn/revision/diff/3...
http://secunia.com/advisories/37071
http://www.openwall.com/lists/oss-security/2009/08...
http://www.securityfocus.com/bid/36368
https://exchange.xforce.ibmcloud.com/vulnerabiliti...
https://oval.cisecurity.org/repository/search/defi...
https://oval.cisecurity.org/repository/search/defi...
Weakness Types
CWE-310
CVE Information
CVE ID:
CVE-2009-3026
Published:
2009-08-31
Modified:
2026-04-23
CVSS Score:
5.0
Severity:
MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
Affected Vendors
pidgin
Quick Actions
View on NVD Find Similar CVEs
CVSS Severity Scale
0.0 - 3.9 LOW
4.0 - 6.9 MEDIUM
7.0 - 8.9 HIGH
9.0 - 10.0 CRITICAL