Prosody security advisory 2016/01/08 - 2
- Affected versions:
- Affected Prosody modules:
- Fixed versions:
- 0.9.9, 0.10 nightly build 196, trunk nightly build 608
It was discovered that Prosody's generation of the secret token for server-to-server dialback authentication relied upon a weak random number generator that was not cryptographically secure. This allows an attacker to guess at probable values of the secret key. A successful guess allows impersonation of the affected domain to other servers on the network.
Configurations with mod_dialback loaded (default configuration) are affected.
Servers with s2s_secure_auth = true will not be susceptible to incoming attempts to spoof other domains on the network. However if mod_dialback is loaded, a server's domain's may still be spoofed by an attacker in connections to other servers.
Not affected are configurations with a strong custom dialback_secret set (though periodically regenerating the dialback_secret is still advisable).
Set the 'dialback_secret' option in your configuration file to a long random string.
A strong dialback_secret can be generated (for example) using the command:
head -c 32 /dev/urandom | base64
Alternatively disable mod_dialback by adding it to your modules_disabled option in your configuration file. In this case communication with servers that only support dialback or have untrusted certificates will not be possible.
All users should upgrade to 0.9.9, or check their OS distribution for security updates. Users of development branches (0.10, trunk) should upgrade to the latest nightly builds.
The flaw was discovered and reported by Thijs Alkemade.