Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement XEP-0474: SASL SCRAM Downgrade Protection #79

Closed
tmolitor-stud-tu opened this issue Dec 11, 2023 · 3 comments
Closed

Implement XEP-0474: SASL SCRAM Downgrade Protection #79

tmolitor-stud-tu opened this issue Dec 11, 2023 · 3 comments
Assignees
@prefiks

Comments

@tmolitor-stud-tu
Copy link

The exact rationale and multiple examples why this specification fills an important gap in our XMPP security infrastructure is detailed in the XEP.

The XEP is really simple, though, and should be easy to implement in ejabberd.

It is already implemented for prosody at https://modules.prosody.im/mod_sasl_ssdp.html
@prefiks prefiks self-assigned this Dec 12, 2023
prefiks added a commit that referenced this issue Dec 13, 2023
@prefiks
Add support for xep-0474 SASL SCRAM Downgrade Protection
01e4106 
This fixes issue #79
@prefiks
Copy link
Member

prefiks commented Dec 13, 2023

Commit 01e4106 brings support for version 0.3.0 of that protocol.

@prefiks prefiks closed this as completed Dec 13, 2023
@tmolitor-stud-tu
Copy link
Author

@prefiks Great, thanks!

@Neustradamus Neustradamus mentioned this issue Dec 23, 2023
Open
@Neustradamus
Copy link

@badlop: Do not forget this XEP-0474 too ;)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@prefiks prefiks

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@prefiks @Neustradamus @tmolitor-stud-tu