CVE Vulnerabilities

CVE-2018-10847

DEPRECATED: Authentication Bypass Issues

Published: Jul 30, 2018 | Modified: Nov 21, 2024
CVSS 3.x
8.8
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
LOW

prosody before versions 0.10.2, 0.9.14 is vulnerable to an Authentication Bypass. Prosody did not verify that the virtual host associated with a user session remained the same across stream restarts. A user may authenticate to XMPP host A and migrate their authenticated session to XMPP host B of the same Prosody instance.

Weakness

This weakness has been deprecated because it covered redundant concepts already described in CWE-287.

Affected Software

Name Vendor Start Version End Version
Prosody Prosody * 0.9.14 (excluding)
Prosody Prosody 0.10.0 (including) 0.10.0 (including)
Prosody Prosody 0.10.1 (including) 0.10.1 (including)
Prosody Ubuntu artful *
Prosody Ubuntu bionic *
Prosody Ubuntu esm-apps/bionic *
Prosody Ubuntu esm-apps/xenial *
Prosody Ubuntu trusty *
Prosody Ubuntu xenial *

References