21 matches found
Debian: Security Advisory (DLA-391-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
openSUSE Security Update : prosody (openSUSE-2021-728)
This update for prosody fixes the following issues : prosody was updated to 0.11.9 : Security : - modlimits, prosody.cfg.lua: Enable rate limits by default - certmanager: Disable renegotiation by default - modproxy65: Restrict access to local c2s connections by default - util.startup: Set more...
openSUSE: Security Advisory for prosody (openSUSE-SU-2021:0728-1)
The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Security update for prosody (important)
openSUSE Security Update: Security update for prosody Announcement ID: openSUSE-SU-2021:0728-1 Rating: important References: 1186027 Cross-References: CVE-2021-32917 CVE-2021-32918 CVE-2021-32919 CVE-2021-32920 Affected Products: openSUSE Leap 15.2 An update that fixes four vulnerabilities is now...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
CVE-2021-32919
An issue was discovered in Prosody before 0.11.9. The undocumented dialbackwithoutdialback option in moddialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another serv...
Fedora 22 : prosody-0.9.10-1.fc22 (2016-e2c5111eda)
Prosody 0.9.10 ============== A summary of changes in this release: Security -------- moddialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...
Fedora 23 : prosody-0.9.10-1.fc23 (2016-5a5c85c5a8)
Prosody 0.9.10 ============== A summary of changes in this release: Security -------- moddialback: Adopt key generation algorithm from XEP-0185, to prevent impersonation attacks CVE-2016-0756 Fixes and improvements ---------------------- Startup: Open /dev/urandom read-only, to fix a failure to...
Design/Logic Flaw
The generatedialback function in the moddialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
CVE-2016-0756
The CVE-2016-0756 issue affects Prosody’s mod_dialback, where the generate_dialback function in versions prior to 0.9.10 failed to properly distinguish fields when generating a dialback key. This allows a remote attacker to spoof an XMPP network domain by crafting a stream ID and embedding the do...
CVE-2016-0756
The generatedialback function in the moddialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix...
Debian DLA-391-1 : prosody security update
It was discovered that in prosody, a Lightweight Jabber/XMPP server, used a weak PRNG in the moddialback module. For Debian 6 Squeeze, this issue has been fixed in prosody version 0.7.0-1squeeze1+deb6u1. NOTE: Tenable Network Security has extracted the preceding description block directly from th...
DLA-391-1 prosody - security update
Bulletin has no description...
CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
Authentication flaw
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...
CVE-2016-1232
The moddialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack...