Man-in-the-Middle (MitM) Affecting com.neovisionaries:nv-websocket-client Open this link in a new tab package, versions [,2.1)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.Test your applications
20 Nov 2017
23 Apr 2017
How to fix?
com.neovisionaries:nv-websocket-client to version 2.1 or higher.
com.neovisionaries:nv-websocket-client is a WebSocket client implementation in Java.
Affected versions of this package are vulnerable to Man-in-the-Middle (MitM). The Java WebSocket client nv-websocket-client does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL/TLS servers via an arbitrary valid certificate.