Thursday, May 20, 2021

SUSE: CVE-2021-32919: SUSE Linux Security Advisory

Description
An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
Solution(s)
  • suse-upgrade-prosody
  • suse-upgrade-prosody-debuginfo
  • suse-upgrade-prosody-debugsource


  • References
  • CVE-2021-32919




  •  

    Copyright © 2020 Cyber Details - Vulnerability Database™

    Thanks for everything Templateism - You should have written the code a little more complicated