Tigase XMPP Dialback Protection Bypass Vulnerability
A vulnerability has been reported in Tigase, which can be exploited by malicious people to bypass certain security restrictions.
The vulnerability is caused by an error within the XMPP protocol implementation, which does not properly verify the "Verify Response" and "Authorization Response" messages. This can be exploited to spoof a domain and bypass the Dialback protection.
An attacking server could spoof one or more domains in communicating with a vulnerable server implementation, thereby avoiding the protections built into the Server Dialback protocol.
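As an added illustration, not Tigase's own code, the following Python sketch shows the checks a Server Dialback (XEP-0220) implementation should apply to both replies named above: each reply must answer a request the server actually sent, and the domains it names must agree with the connection it arrived on. The DialbackState class, the domain names and the stream id are constructed for this example.

```python
import xml.etree.ElementTree as ET

DB_NS = "jabber:server:dialback"
VERIFY, RESULT = f"{{{DB_NS}}}verify", f"{{{DB_NS}}}result"

# Constructed sample replies (not captured traffic); domains and ids are placeholders.
GOOD_VERIFY = ('<db:verify xmlns:db="jabber:server:dialback" from="origin.example" '
               'to="recv.example" id="S1" type="valid"/>')
SPOOFED_VERIFY = GOOD_VERIFY.replace('from="origin.example"', 'from="victim.example"')
GOOD_RESULT = ('<db:result xmlns:db="jabber:server:dialback" from="recv.example" '
               'to="origin.example" type="valid"/>')

class DialbackState:
    def __init__(self):
        self.pending_verify = {}     # (origin, receiving, stream_id) -> key in our db:verify
        self.pending_result = set()  # (origin, receiving) pairs we asked a receiver to accept
        self.authorized = set()      # (origin, receiving) pairs cleared to exchange stanzas

    def sent_verify(self, origin, receiving, stream_id, key):
        self.pending_verify[(origin, receiving, stream_id)] = key

    def sent_result(self, origin, receiving):
        self.pending_result.add((origin, receiving))

    def on_verify_response(self, raw, peer_domain):
        # Verify Response: must answer a request we sent, on the connection to the domain it names.
        el = ET.fromstring(raw)
        if el.tag != VERIFY:
            return False
        origin, receiving, sid = el.get("from"), el.get("to"), el.get("id")
        if peer_domain != origin:    # a server may only vouch for its own domain
            return False
        if self.pending_verify.pop((origin, receiving, sid), None) is None:
            return False             # unsolicited, replayed, or domain-swapped reply
        ok = el.get("type") == "valid"
        if ok:
            self.authorized.add((origin, receiving))
        return ok

    def on_result_response(self, raw, our_domain, peer_domain):
        # Authorization Response: only for a pair we requested, from/to matching this stream.
        el = ET.fromstring(raw)
        if el.tag != RESULT or el.get("type") != "valid":
            return False
        pair = (el.get("to"), el.get("from"))   # (origin, receiving)
        if pair != (our_domain, peer_domain) or pair not in self.pending_result:
            return False
        self.pending_result.discard(pair)
        self.authorized.add(pair)
        return True
```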
The vendor has issued a fix: update to version 5.1.0.