Prosody security advisory 2016/01/08 - 2

CVE-2016-1232

Affected versions: All
Affected Prosody modules: mod_dialback
Fixed versions: 0.9.9, 0.10 nightly build 196, trunk nightly build 608

Description

It was discovered that Prosody's generation of the secret token for server-to-server dialback authentication relied upon a weak random number generator that was not cryptographically secure. This allows an attacker to guess at probable values of the secret key. A successful guess allows impersonation of the affected domain to other servers on the network.

Affected configurations

Configurations with mod_dialback loaded (default configuration) are affected.

Servers with s2s_secure_auth = true will not be susceptible to incoming attempts to spoof other domains on the network. However, if mod_dialback is loaded, the server's own domain may still be spoofed by an attacker in connections to other servers.

Not affected are configurations with a strong custom dialback_secret set (though periodically regenerating the dialback_secret is still advisable).

Temporary mitigation

Set the 'dialback_secret' option in your configuration file to a long random string.

A strong dialback_secret can be generated (for example) using the command:

head -c 32 /dev/urandom | base64

Alternatively disable mod_dialback by adding it to your modules_disabled option in your configuration file. In this case communication with servers that only support dialback or have untrusted certificates will not be possible.
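
To check which of the cases above a configuration file falls into, the following shell functions can be used. This is an added example, not part of the original advisory or of Prosody itself. It assumes a single configuration file with double-quoted strings, the module listed as "dialback" (Prosody configuration names modules without the mod_ prefix), and a 32-character minimum as the meaning of "long"; that threshold is a choice made here, not a figure from the advisory.

```shell
#!/bin/sh
# Added example: text heuristic for the cases in this advisory.
# It is not a Lua parser and inspects only the one file it is given.

MIN_SECRET_LEN=32   # assumed threshold for "long"; not from the advisory

# Generate a secret with the advisory's command and print it as a
# ready-to-paste configuration line.
new_dialback_secret_line() {
    printf 'dialback_secret = "%s"\n' "$(head -c 32 /dev/urandom | base64)"
}

# Print one verdict for the config file named in $1:
#   dialback-disabled  mod_dialback is listed in modules_disabled
#   custom-secret      dialback_secret is set and at least MIN_SECRET_LEN long
#   short-secret       dialback_secret is set but shorter than that
#   default-secret     no dialback_secret: the module generates its own,
#                      which is the affected case on unfixed versions
audit_dialback() {
    # Drop whole-line Lua comments, then join the lines so that a
    # multi-line modules_disabled table can be matched as one string.
    cfg=$(sed 's/^[[:space:]]*--.*$//' "$1" | tr '\n' ' ')

    if printf '%s\n' "$cfg" |
        grep -Eq 'modules_disabled[[:space:]]*=[[:space:]]*\{[^}]*"dialback"'; then
        echo dialback-disabled
        return 0
    fi

    secret=$(printf '%s\n' "$cfg" |
        sed -n 's/.*dialback_secret[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p')
    if [ -z "$secret" ]; then
        echo default-secret
    elif [ "${#secret}" -lt "$MIN_SECRET_LEN" ]; then
        echo short-secret
    else
        echo custom-secret
    fi
}

# Audit the file given on the command line, if any.
if [ "$#" -gt 0 ]; then
    audit_dialback "$1"
fi
```

Length is only a proxy: a long but predictable dialback_secret still passes this check, so the value should come from a source such as the command above.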

Advice

All users should upgrade to 0.9.9, or check their OS distribution for security updates. Users of development branches (0.10, trunk) should upgrade to the latest nightly builds.

Credits

The flaw was discovered and reported by Thijs Alkemade.