CVE-2012-3525

Name of the Vulnerable Software and Affected Versions jabberd2 versions 2.2.16 and earlier

Description The issue arises from the lack of verification in s2s/out.c for requests related to XMPP Server Dialback responses. This allows remote XMPP servers to spoof domains by sending either a Verify Response or an Authorization Response.

Recommendations For versions 2.2.16 and earlier, consider implementing a verification mechanism for XMPP Server Dialback responses to prevent domain spoofing until a patch is available. As a temporary workaround, restrict access to the s2s/out.c component to minimize the risk of exploitation.