oss-sec mailing list archives

Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities)

From: Matthew Wild <mwild1 () gmail com>
Date: Fri, 14 May 2021 11:50:08 +0100

On Fri, 14 May 2021 at 11:08, Robert G. <robert.groesser () googlemail com> wrote:


Hey guys,

thank you for fixing this!

This flaw was discovered by Matthew Wild, a member of the Prosody team.

The issue with MUC passwords was also previously identified by Robert
GrÃ¶sser.

This wasn't identified by me, to be fair. I only reported this.
The flaw was initially found by my colleague Marvin Zerulla.


Thanks for the clarification Robert! I've updated the advisory with this info.

Your quote also highlighted that the text advisory is being served
without an explicit character encoding. Thanks for finding that issue,
now fixed :)

Regards,
Matthew

Current thread:

Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 13)
- <Possible follow-ups>
- Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Robert G. (May 14)
  - Re: Prosody XMPP server advisory 2021-05-12 (multiple vulnerabilities) Matthew Wild (May 14)