CVE-2018-10847

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:prosody:prosody:*:*:*:*:*:*:*:*
cpe:2.3:a:prosody:prosody:0.10.0:*:*:*:*:*:*:*
cpe:2.3:a:prosody:prosody:0.10.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-07-30 17:29

Updated : 2024-02-28 16:48


NVD link : CVE-2018-10847

Mitre link : CVE-2018-10847

CVE.ORG link : CVE-2018-10847


JSON object : View

Products Affected

prosody

  • prosody
CWE
CWE-287

Improper Authentication

CWE-592

DEPRECATED: Authentication Bypass Issues