Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2021-32919

Published: 13/05/2021 Updated: 07/11/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Prosody

Vulnerability Summary

An issue exists in Prosody prior to 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

prosody prosody

debian debian linux 10.0

fedoraproject fedora 32

fedoraproject fedora 33

fedoraproject fedora 34

Vendor Advisories

Debian CVElist Bug Report Logs: prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921
Debian Bug report logs - #988668 prosody: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 CVE-2021-32921 Package: src:prosody; Maintainer for src:prosody is Debian XMPP Maintainers <pkg-xmpp-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Mon, 17 May 2021 17:12:0 ...
Debian Security Advisories: DSA-4916-1 prosody -- security update
Multiple security issues were found in Prosody, a lightweight Jabber/XMPP server, which could result in denial of service or information disclosure For the stable distribution (buster), these problems have been fixed in version 0112-1+deb10u1 We recommend that you upgrade your prosody packages For the detailed security status of prosody please ...
Arch Linux Issues:
A security issue was found in the Prosodyim XMPP server software before version 0119 The undocumented option ‘dialback_without_dialback’ enabled an experimental feature for server-to-server authentication A flaw in this feature meant it did not correctly authenticate remote servers, allowing a remote server to impersonate another server wh ...

Mailing Lists

Full Disclosure: Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)
<!--X-Body-Begin--> <!--X-User-Header--> oss-sec mailing list archives <!--X-User-Header-End--> <!--X-TopPNI--> By Date By Thread </form> <!--X-TopPNI-End--> <!--X-MsgBody--> <!--X-Subject-Header-Begin--> Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) <!--X-Subject-Header-End--> <!--X-Head-of-Message--> ...

References

CWE-295https://blog.prosody.im/prosody-0.11.9-released/http://www.openwall.com/lists/oss-security/2021/05/13/1http://www.openwall.com/lists/oss-security/2021/05/14/2https://www.debian.org/security/2021/dsa-4916https://security.gentoo.org/glsa/202105-15https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MFFBZWXKPZEVZNQSVJNCUE7WRF3T7DG/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LWJ2DG2DFJOEFEWOUN26IMYYWGSA2ZEE/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GUN63AHEWB2WRROJHU3BVJRWLONCT2B7/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988668https://nvd.nist.govhttps://www.debian.org/security/2021/dsa-4916
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4644unprivilegedCVE-2024-3494CVE-2024-22460CVE-2024-26026CVE-2024-23473firewallCVE-2024-28889XML external entity
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook