oss-sec mailing list archives
Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)
From: Matthew Wild <mwild1 () gmail com>
Date: Fri, 14 May 2021 11:50:08 +0100
On Fri, 14 May 2021 at 11:08, Robert G. <robert.groesser () googlemail com> wrote:
Hey guys, thank you for fixing this!This flaw was discovered by Matthew Wild, a member of the Prosody team.The issue with MUC passwords was also previously identified by Robert Grösser. This wasn't identified by me, to be fair. I only reported this. The flaw was initially found by my colleague Marvin Zerulla.
Thanks for the clarification Robert! I've updated the advisory with this info. Your quote also highlighted that the text advisory is being served without an explicit character encoding. Thanks for finding that issue, now fixed :) Regards, Matthew
Current thread:
- Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 13)
- <Possible follow-ups>
- Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Robert G. (May 14)
- Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 14)