#563 Automatic MUC kicks on stream errors can reveal domains in semi-anonymous rooms

Reporter xnyhps
Owner Nobody
Stars ★ (1)  
Tags
  • MUC
  • Type-Defect
  • Status-Accepted
  • Priority-High
  • Security
  1. xnyhps on

    When a stream error is returned when trying to route a stanza to a MUC participant, the text of the stream error is copied literally to the MUC as the reason for the kick: https://hg.prosody.im/0.9/file/5a60b4705bc3/plugins/muc/muc.lib.lua#l252

    However, the stream error can contain the domain. For example, Prosody itself will include the domain when closing a stream with host-unknown: https://hg.prosody.im/0.9/file/5a60b4705bc3/plugins/mod_s2s/mod_s2s.lua#l324

    This leads to error messages such as:

    User has left the chatroom (Kicked: remote server not found: Server-to-server connection failed: host-unknown (This host does not serve example.com))

    This is a leak if the room is semi-anonymous.

  2. Zash on

    Un-hiding because we don't think this is exploitable.

    Changes
    • tag -Hidden
    • tag MUC
    • tag Status-Accepted
  3. xnyhps on

    The s2s_secure_auth setting creates the same problem as host-unknown:

    User has left the chatroom (Kicked: remote server not found: Server-to-server connection failed: not-authorized (Your server's certificate is invalid, expired, or not trusted by example.com))

  4. Zash on

    Typo :)

    Changes
    • title Autmatic MUC kicks on stream errors can reveal domains in semi-anonymous rooms → Automatic MUC kicks on stream errors can reveal domains in semi-anonymous rooms
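
The leak reported above, next to one way to avoid it, as an added stand-alone Lua example that is not Prosody's code or its fix. The function names, the condition table and the `semi_anonymous` flag are assumptions, and the sample text is constructed from the message quoted in comment 1.

```lua
-- Added example, not Prosody code. All names here are hypothetical.

-- Fixed labels for stanza error conditions (tokens defined by RFC 6120).
-- These are protocol constants, not text written by a remote server.
local safe_labels = {
	["remote-server-not-found"] = "remote server not found",
	["remote-server-timeout"] = "remote server timeout",
	["service-unavailable"] = "service unavailable",
	["recipient-unavailable"] = "recipient unavailable",
}

-- Leaky shape described in the report: the free-form error text is
-- appended to the kick reason and broadcast to every occupant.
local function kick_reason_leaky(condition, text)
	local reason = condition:gsub("%-", " ")
	if text and text ~= "" then
		reason = reason .. ": " .. text
	end
	return "Kicked: " .. reason
end

-- Hardened shape: in a semi-anonymous room the reason is built only from
-- the condition token, so server-supplied text never reaches occupants.
local function kick_reason_safe(condition, text, semi_anonymous)
	local label = safe_labels[condition] or "delivery error"
	if not semi_anonymous and text and text ~= "" then
		return "Kicked: " .. label .. ": " .. text
	end
	return "Kicked: " .. label
end

-- Constructed sample input, modelled on the message quoted in the report.
local condition = "remote-server-not-found"
local text = "Server-to-server connection failed: host-unknown "
	.. "(This host does not serve example.com)"

local leaky = kick_reason_leaky(condition, text)
local safe = kick_reason_safe(condition, text, true)
print(leaky)
print(safe)

-- The occupant's domain is present in the leaky reason and absent from
-- the hardened one (plain-text find, no pattern matching).
assert(leaky:find("example.com", 1, true))
assert(not safe:find("example.com", 1, true))
-- An unknown condition token falls back to a generic label.
assert(kick_reason_safe("made-up-condition", text, true) == "Kicked: delivery error")
```

The full error text is still useful for operators, so a deployment following this shape would write it to the server log rather than drop it.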
