CVE-2018-10847

Summary

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

Affected Software

VendorProductVersion RangeStatus
[UNKNOWN]prosody0.10.2affected
[UNKNOWN]prosody0.9.14affected

Weaknesses

  • CWE-592: CWE-592

ADP Enrichment

CVE Program Container

Additional References

References