The generate_dialback function in the mod_dialback module in Prosody prior to 0.9.10 does not properly separate fields when generating dialback keys, which allows remote malicious users to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.
Vulnerable Product |
---|
prosody prosody |
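
The field-separation flaw described above, as an added example that is not Prosody's code: `key_unseparated` is a simplified model of a dialback key built from undelimited fields, and `key_separated` follows the XEP-0185 recommendation of HMAC-SHA256 over space-separated fields. All function names, domains and the secret are constructed for illustration.

```python
import hashlib
import hmac

SECRET = b"constructed-secret"  # constructed sample value, not a real secret


def key_unseparated(stream_id, to, origin, secret=SECRET):
    """Simplified model of the flaw: fields are concatenated with no
    delimiter, so the boundary between stream id and domain is lost."""
    data = (stream_id + to + origin).encode() + secret
    return hashlib.sha256(data).hexdigest()


def key_separated(stream_id, to, origin, secret=SECRET):
    """XEP-0185 style: HMAC-SHA256 over 'to SP origin SP stream_id'.
    Domains cannot contain a space, so the first two spaces always mark
    the field boundaries, whatever the stream id contains."""
    for domain in (to, origin):
        if not domain or " " in domain:
            raise ValueError("domain must be non-empty and contain no space")
    hmac_key = hashlib.sha256(secret).hexdigest().encode()
    message = " ".join((to, origin, stream_id)).encode()
    return hmac.new(hmac_key, message, hashlib.sha256).hexdigest()


# Constructed inputs: two different (stream id, receiving domain) pairs whose
# plain concatenation is the same string, "idAsub.target.example".
TUPLE_A = ("idA", "sub.target.example", "origin.example")
TUPLE_B = ("idAsub.", "target.example", "origin.example")


def collides(keyfn):
    """True when keyfn returns the same key for both distinct tuples."""
    return hmac.compare_digest(keyfn(*TUPLE_A), keyfn(*TUPLE_B))


if __name__ == "__main__":
    print("unseparated collides:", collides(key_unseparated))  # True
    print("separated collides:  ", collides(key_separated))    # False
```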