CVE-2016-1232
12.01.2016, 20:59
The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.Enginsight
Vendor | Product | Version |
---|---|---|
prosody | prosody | 𝑥 ≤ 0.9.8 |
prosody | prosody | 0.9.0 |
prosody | prosody | 0.9.1 |
prosody | prosody | 0.9.2 |
prosody | prosody | 0.9.3 |
prosody | prosody | 0.9.4 |
prosody | prosody | 0.9.5 |
prosody | prosody | 0.9.6 |
prosody | prosody | 0.9.7 |
debian | debian_linux | 7.0 |
debian | debian_linux | 8.0 |
𝑥
= Vulnerable software versions

Debian Releases

Ubuntu Releases
References