#VU62728 Man-in-the-Middle (MitM) attack in Pidgin - CVE-2022-26491

Cybersecurity Help s.r.o.

Published: 2022-05-02

Vulnerability identifier: #VU62728

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2022-26491

CWE-ID: CWE-300

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Pidgin
Client/Desktop applications / Messaging software

Vendor: pidgin.im

Description

The vulnerability allows a remote attacker to perform MitM-attack.

The vulnerability exists due to Pigin supports _xmppconnect DNS TXT record. If DNSSEC is not used, a remote attacker can perform MitM attack via DNS spoofing.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Pidgin: 1.5.1 - 2.14.8

External links
https://www.pidgin.im/about/security/advisories/cve-2022-26491/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

SUSE update for pidgin

Fedora 34 update for pidgin

Fedora 35 update for pidgin

Fedora 36 update for pidgin

Slackware Linux update for pidgin

Man-in-the-Middle (MitM) attack in Pidgin IM