Download
| Alert*
oval:org.secpod.oval:def:1801096
Due to insufficient validation of client-provided parameters during XMPP stream restarts, authenticated users may override the realm associated with their session, potentially bypassing security policies and allowing impersonation. Affected versions:¶ 0.9.x prior to 0.9.14, 0.10.x prior to 0.10 ... oval:org.secpod.oval:def:1900048 prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a usersession remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the ... oval:org.secpod.oval:def:114624 Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. oval:org.secpod.oval:def:603414 It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation. D ... oval:org.secpod.oval:def:114625 Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols. oval:org.secpod.oval:def:53340 It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation. D ... |