#595 mod_register allows account creation before TLS

Reporter Zash
Owner Zash
Created
Updated
Stars (0)
Tags
  • Status-Fixed
  • Priority-Medium
  • Milestone-0.9
  • Security
  • Type-Defect
  1. Zash on

    With registration enabled and allowed but c2s_require_encryption = true IBR will succeed on unencrypted connections. It should probably respect c2s_require_encryption. Seems to affect all current versions.

  2. Zash on

    Fixed in https://hg.prosody.im/0.9/rev/72b6d5ab4137

    Changes
    • tags Milestone-0.9 Status-Fixed
    • owner Zash
  3. Zash on

    Changes
    • tags Hidden
  4. Zash on

    Changes
    • tags Priority-Medium

New comment

Not published. Used for spam prevention and optional update notifications.