PT-2020-2096 · Prosody · Prosody

Matthew Wild · Published 2020-01-28 · Updated 2020-02-04 · CVE-2020-8086

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Prosody mod_auth_ldap and mod_auth_ldap2 Community Modules, versions prior to 2020-01-27
Description: The issue stems from incomplete verification of the XMPP address passed to the is_admin() function in the mod_auth_ldap and mod_auth_ldap2 Community Modules for Prosody. A remote entity can gain admin-only functionality if its username matches that of a local admin, potentially leading to unauthorized access to confidential data, loss of data integrity, and denial of service.
Recommendations: For Prosody mod_auth_ldap and mod_auth_ldap2 Community Modules versions prior to 2020-01-27, update to a version released after 2020-01-27 to ensure proper verification of XMPP addresses and prevent unauthorized access. As a temporary workaround, consider restricting access to admin-only functionality until the update can be applied.
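As an added illustration, not Prosody's code and not part of this advisory, the following Python models the authorization flaw described above: an is_admin() check that compares only the username (localpart) of the XMPP address treats any account with a matching username on any host as an admin, while a complete check compares the full bare JID (localpart@domain) against the admins configured for the host the module serves. The MODULE_HOST and ADMINS values and the split_jid() helper are constructed for the example.

```python
"""Model of the JID authorization check described in the advisory.

Constructed illustration (not Prosody's Lua code): contrasts a check that
compares only the username with one that compares the full bare JID against
the admins configured for this host.
"""

# Constructed configuration: the virtual host this module serves and its admins.
MODULE_HOST = "example.org"
ADMINS = ["admin@example.org", "ops@example.org"]


def split_jid(jid: str):
    """Split 'node@domain/resource' into (node, domain, resource).

    Minimal parser for the example: it handles well-formed JIDs only and
    lower-cases node and domain, a simplification of XMPP's case mapping
    (the domain is case-insensitive and the node is case-mapped).
    """
    resource = None
    if "/" in jid:
        jid, resource = jid.split("/", 1)
    if "@" in jid:
        node, domain = jid.split("@", 1)
    else:
        node, domain = None, jid
    if not domain:
        raise ValueError("JID has no domain: %r" % jid)
    return (node.lower() if node else None, domain.lower(), resource)


def is_admin_vulnerable(jid: str) -> bool:
    """Incomplete check: looks only at the username and ignores the host.

    'admin@other.example' is accepted because its username matches a local
    admin, which is the weakness the advisory describes.
    """
    node, _domain, _resource = split_jid(jid)
    admin_nodes = {split_jid(a)[0] for a in ADMINS}
    return node is not None and node in admin_nodes


def is_admin_fixed(jid: str) -> bool:
    """Complete check: the address must be on this host and its bare JID
    must appear in the configured admin list."""
    node, domain, _resource = split_jid(jid)
    if node is None or domain != MODULE_HOST.lower():
        return False
    bare = f"{node}@{domain}"
    admin_bare = {f"{n}@{d}" for n, d, _r in (split_jid(a) for a in ADMINS)}
    return bare in admin_bare


def compare(jid: str) -> dict:
    """Evaluate one address under both checks."""
    return {
        "jid": jid,
        "vulnerable": is_admin_vulnerable(jid),
        "fixed": is_admin_fixed(jid),
    }


if __name__ == "__main__":
    # Constructed sample addresses: a real admin, case variants, a same-username
    # account on another host, an ordinary user and a bare domain.
    for sample in ["admin@example.org/laptop", "Admin@EXAMPLE.org",
                   "admin@other.example", "user@example.org", "example.org"]:
        print(compare(sample))
```

The only address the two checks disagree on is the same-username account on a foreign host, which is exactly the case the fix closes; the resource part and letter case do not affect either result.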

Fix

Incorrect Authorization


Weakness Enumeration

Related Identifiers

BDU:2020-01956
CVE-2020-8086
DSA-4612-1

Affected Products

Prosody