Description
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
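A configuration audit for the condition described above, as an added example that is not part of the advisory or of Prosody's own code. It assumes the option is set as an ordinary Lua assignment in the Prosody configuration file; the helper names and the sample configuration are constructed for illustration.

```python
import re

OPTION = "dialback_without_dialback"  # option name as given in the advisory
FIXED = (0, 11, 9)                    # first fixed upstream release per the advisory

def strip_lua_comments(text):
    """Blank out Lua comments but keep newlines so line numbers stay valid.
    Simplification: a '--' inside a string literal is also treated as a comment."""
    def keep_newlines(m):
        return "\n" * m.group(0).count("\n")
    text = re.sub(r"--\[(=*)\[.*?\]\1\]", keep_newlines, text, flags=re.S)
    return re.sub(r"--[^\n]*", "", text)

def find_enabled(config_text):
    """Return [(scope, line_no, value)] for every place the option is switched on."""
    hits, scope = [], "global"
    for no, line in enumerate(strip_lua_comments(config_text).splitlines(), 1):
        host = re.match(r'\s*(?:VirtualHost|Component)\s*\(?\s*["\']([^"\']+)', line)
        if host:
            scope = host.group(1)
        m = re.search(rf"\b{OPTION}\s*=\s*([^;\s]+)", line)
        # Conservative: anything other than a literal false/nil is reported.
        if m and m.group(1) not in ("false", "nil"):
            hits.append((scope, no, m.group(1)))
    return hits

def upstream_affected(version):
    """True if an upstream version string is older than 0.11.9.
    Distribution packages may carry the fix under an older number."""
    nums = tuple(int(n) for n in re.findall(r"\d+", version.split("-")[0])[:3])
    return nums < FIXED

# Constructed sample configuration, not taken from a real deployment.
SAMPLE = '''\
-- dialback_without_dialback = true   (commented out, must be ignored)
modules_enabled = { "dialback"; "tls" }
--[[ old experiment
dialback_without_dialback = true
]]
VirtualHost "example.org"
    dialback_without_dialback = true;
VirtualHost "example.net"
    dialback_without_dialback = false
'''

if __name__ == "__main__":
    for scope, no, value in find_enabled(SAMPLE):
        print(f"line {no}: {OPTION} = {value} in scope {scope}")
    print("0.11.8 affected upstream:", upstream_affected("0.11.8"))
```

A host is exposed only when both checks are positive: the installed version predates the fix and the option is enabled in some scope.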
Solution(s)
suse-upgrade-prosody
suse-upgrade-prosody-debuginfo
suse-upgrade-prosody-debugsource
References
CVE-2021-32919