Unauthenticated SASL ANONYMOUS Authentication in JabberD 2.x

Unauthenticated SASL ANONYMOUS Authentication in JabberD 2.x

CVE-2017-10807 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.

Learn more about our Web Application Penetration Testing UK.