42 matches found
EUVD-2012-4597
Malware in sbrugna...
EUVD-2012-4594
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2021-32919
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for...
CVE-2012-4671
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted...
SUSE CVE-2012-3525
s2s/out.c in jabberd2 2.2.16 and earlier does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Authorization Response...
SUSE CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
SUSE CVE-2016-1232
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
Authentication Bypass
Prosody is vulnerable to authentication bypass. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server...
FreeBSD : Prosody -- multiple vulnerabilities (fc75570a-b417-11eb-a23d-c7ab331fd711)
The Prosody security advisory 2021-05-12 reports: This advisory details 5 new security vulnerabilities discovered in the Prosody.im XMPP server software. All issues are fixed in the 0.11.9 release default configuration. - CVE-2021-32918: DoS via insufficient memory consumption controls -...
DEBIAN-CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
UBUNTU-CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
PT-2021-4056 · Prosody +2
Name of the Vulnerable Software and Affected Versions: Prosody versions prior to 0.11.9. Description: The issue is related to the undocumented dialback_without_dialback option in the mod_dialback module, which enables an experimental feature for server-to-server authentication. This option does no...
Fedora 23 : prosody-0.9.9-2.fc23 (2016-38e48069f8)
Prosody 0.9.9. A summary of changes. Security fixes: Fix path traversal vulnerability in mod_http_files (CVE-2016-1231); Fix use of weak PRNG in generation of dialback secrets (CVE-2016-1232). Bugs: Improve handling of CNAME records in DNS; Fix traceback when deleting a user...
Unspecified vulnerability in Prosody mod_dialback module
Prosody is a suite of Jabber/XMPP communication server software written in Lua. mod_dialback is one of the authentication modules used for communication between local servers. A security vulnerability exists in the 'generate_dialback' function in the mod_dialback module in versions of Prosody prior ...
Debian DSA-3463-1 : prosody - security update
It was discovered that insecure handling of dialback keys may allow a malicious XMPP server to impersonate another server. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3463. The text...
DSA-3463-1 prosody - security update
Bulletin has no description...
DEBIAN-CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
UBUNTU-CVE-2016-0756
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
Prosody mod_dialback module spoofing vulnerability
Prosody is a set of Jabber/XMPP communication server software written in Lua. Prosody's mod_dialback module fails to correctly generate random numbers for the server-to-server dialback authentication secret token, allowing remote attackers to spoof the server by performing a brute-force attack...