CVE-2021-32919

An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).
Configurations

Configuration 1

cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

Information

Published : 2021-05-13 04:15

Updated : 2021-05-26 07:26


NVD link : CVE-2021-32919

Mitre link : CVE-2021-32919

Products Affected
No products.
CWE
CWE-295

Improper Certificate Validation