Impact
A Prosody module allows the use of symmetric algorithms to validate JWTs. This means that tokens generated by arbitrary sources can be used to gain authorization to protected rooms. There are no known incidents related to this vulnerability.
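The kind of check that addresses the issue described above, as an added example that is not taken from the Jitsi code base or the linked PRs: a pre-verification step that rejects any token whose header names a symmetric (or otherwise unexpected) algorithm. It assumes a deployment that expects asymmetrically signed tokens; the function names, the allow-list and the sample tokens are illustrative.

```python
import base64
import json

# Assumed allow-list: asymmetric JWS algorithms only (illustrative, not from the advisory).
ASYMMETRIC_ALGS = frozenset({"RS256", "RS384", "RS512", "ES256", "ES384", "ES512"})


def _b64url_decode(segment: str) -> bytes:
    """Decode an unpadded base64url segment as used in compact JWS."""
    padded = segment + "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(padded.encode("ascii"))


def check_token_algorithm(token: str, allowed=ASYMMETRIC_ALGS) -> str:
    """Return the header 'alg' if it is allowed; raise ValueError otherwise.

    This runs before signature verification, so the verifier never picks an
    HMAC routine just because the (untrusted) token header asks for one.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS: expected three segments")
    try:
        header = json.loads(_b64url_decode(parts[0]))
    except ValueError as exc:  # covers bad base64, bad UTF-8 and bad JSON
        raise ValueError("unreadable JWT header") from exc
    if not isinstance(header, dict):
        raise ValueError("JWT header is not a JSON object")
    alg = header.get("alg")
    # Exact, case-sensitive match: "hs256", "none", None and lists all fail here.
    if not isinstance(alg, str) or alg not in allowed:
        raise ValueError(f"algorithm {alg!r} is not permitted")
    return alg


def _make_token(header: dict) -> str:
    """Build a constructed sample token with a dummy payload and signature."""
    def enc(raw: bytes) -> str:
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")
    return ".".join([enc(json.dumps(header).encode()), enc(b'{"room":"demo"}'), enc(b"sig")])


if __name__ == "__main__":
    for alg in ("RS256", "HS256", "none"):
        try:
            print(alg, "->", check_token_algorithm(_make_token({"alg": alg})))
        except ValueError as err:
            print(alg, "-> rejected:", err)
```

The check only gates which algorithm may be used; the signature itself must still be verified against the trusted public key afterwards.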
Patches
The issue was patched with this PR: #9319
A related warning comment was published with this PR: #9753
Workarounds
There are no workarounds.
References
None
Credits
Reported by: https://github.com/cyber-crypt-com
Nils Engelbertz
For more information
If you have any questions or comments about this advisory: