CVE-2021-32919 - Debian Debian Linux and Prosody Prosody

Critical 7.5

An issue was discovered in Prosody before 0.11.9. The undocumented dialback_without_dialback option in mod_dialback enables an experimental feature for server-to-server authentication. It does not correctly authenticate remote server certificates, allowing a remote server to impersonate another server (when this option is enabled).

Affected software

Debian Debian Linux

Prosody Prosody

Reference links

Get alerted to vulnerabilities in your software

CVE alerts, vulnerability alerts, latest versions and news matched to your software stack.