An issue exists in Prosody prior to 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
prosody prosody |
||
debian debian linux 10.0 |
||
fedoraproject fedora 32 |
||
fedoraproject fedora 33 |
||
fedoraproject fedora 34 |