CVE-2012-4671 Information

Description

psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.

Reference

http://www.psyced.org/files/psyced-20120821.tar.bz2 http://xmpp.org/resources/security-notices/server-dialback/