Smokku

#44756 of 53,635
5.8 CVSS total
Vulnerabilities · 1
PT-2012-4784
5.8
2012-08-25
Jabberd2 · Jabberd2 · CVE-2012-3525
**Name of the Vulnerable Software and Affected Versions**

jabberd2 versions 2.2.16 and earlier

**Description**

The issue arises from the lack of verification in `s2s/out.c` for requests related to XMPP Server Dialback responses. This allows remote XMPP servers to spoof domains by sending either a Verify Response or an Authorization Response.

**Recommendations**

For versions 2.2.16 and earlier, consider implementing a verification mechanism for XMPP Server Dialback responses to prevent domain spoofing until a patch is available. As a temporary workaround, restrict access to the `s2s/out.c` component to minimize the risk of exploitation.