#VU53314 Improper Authorization in Prosody - CVE-2021-32917

 


Published: May 17, 2021


Vulnerability identifier: #VU53314
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-32917
CWE-ID: CWE-285
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: Prosody
Software vendor: Prosody

Description

The vulnerability allows a remote attacker to consume the server's bandwidth.

The vulnerability exists within the proxy65 component, which allows open access by default, even if neither of the users has an XMPP account on the local server. A remote attacker can consume the server's bandwidth.



Remediation

Install updates from the vendor's website.
