The mod_auth_ldap and mod_auth_ldap2 Community Modules through 2020-01-27 for Prosody incompletely verify the XMPP address passed to the is_admin() function. This grants remote entities admin-only functionality if their username matches the username of a local admin.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prosody mod auth ldap |
||
prosody mod auth ldap2 |
||
debian debian linux 9.0 |
||
debian debian linux 10.0 |