Medium severity5.3NVD Advisory· Published Jan 29, 2016· Updated Jun 17, 2026
CVE-2016-0756
CVE-2016-0756
Description
The generate_dialback function in the mod_dialback module in Prosody before 0.9.10 does not properly separate fields when generating dialback keys, which allows remote attackers to spoof XMPP network domains via a crafted stream id and domain name that is included in the target domain as a suffix.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
8- blog.prosody.im/prosody-0-9-10-released/nvdPatchVendor Advisory
- prosody.im/security/advisory_20160127/nvdVendor Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-February/176796.htmlnvd
- lists.fedoraproject.org/pipermail/package-announce/2016-February/176914.htmlnvd
- www.debian.org/security/2016/dsa-3463nvd
- www.openwall.com/lists/oss-security/2016/01/27/10nvd
- www.securityfocus.com/bid/82241nvd
- prosody.im/issues/issue/596nvd
News mentions
0No linked articles in our index yet.