CVE-2016-1232

Publication date

2016-01-12 20:00:00

Family

debian

State

PUBLISHED

Description

The mod_dialback module in Prosody before 0.9.9 does not properly generate random values for the secret token for server-to-server dialback authentication, which makes it easier for attackers to spoof servers via a brute force attack.