CVE-2018-10847

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:a:prosody:prosody:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:prosody:prosody:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*

Information

Published : 2018-07-30 10:29

Updated : 2019-10-09 16:33


NVD link : CVE-2018-10847

Mitre link : CVE-2018-10847


JSON object : View

CWE
CWE-287

Improper Authentication

Advertisement

dedicated server usa

Products Affected

prosody

  • prosody