Prosody Unauthenticated Access Control Vulnerability in SOCKS5 Proxy (mod_proxy65)

Vulnerability

A vulnerability allowing unauthenticated use of the SOCKS5 proxy module (mod_proxy65) has been identified in Prosody versions prior to 0.12.6 and in versions from 13.0.0 up to, but not including, 13.0.5. The issue arises from improper access control management in paused connections, which allows unauthenticated traffic to be relayed through the proxy. Exploitation requires knowledge of the proxy's domain and port (port 5000 by default) and can be carried out by skipping the initial discoverability stage of the protocol.

Impact

Exploitation of this vulnerability allows for unauthorized use of the SOCKS5 proxy, potentially leading to unauthorized access or manipulation of data being transferred through the proxy.

Remediation

Users can upgrade to Prosody versions 0.12.6 or 13.0.5. If mod_proxy65 is not needed, it can be disabled, although this may impact certain file transfer functionalities.
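
A triage sketch for the remediation above, added here as an example; it is not code from the Prosody project or from the original advisory. It checks a reported version string against the two fixed releases named on this page and lists uncommented references to proxy65 in a configuration file. The sample configuration and the host name proxy.example.com are constructed, and the configuration scan is a line-based heuristic.

```python
import re

FIXED_LEGACY = (0, 12, 6)   # fixed release on the 0.12 branch (from the advisory)
FIXED_13 = (13, 0, 5)       # fixed release on the 13.0 branch (from the advisory)

def parse_version(text):
    """Return (major, minor, patch) from e.g. '0.12.5' or '13.0.4-1~bookworm1'."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        return None
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def version_affected(text):
    """True/False per the advisory's ranges; None if no version can be parsed
    (for example a nightly build), which needs a manual check."""
    v = parse_version(text)
    if v is None:
        return None
    # Two branches: a plain 'v < 13.0.5' test would wrongly flag 0.12.6.
    if v >= (13, 0, 0):
        return v < FIXED_13
    return v < FIXED_LEGACY

def proxy65_references(config_text):
    """Line numbers naming proxy65 outside a Lua '--' line comment.
    Heuristic: block comments and modules_disabled are not interpreted."""
    hits = []
    for number, line in enumerate(config_text.splitlines(), 1):
        active = line.split("--", 1)[0]  # drop everything after a line comment
        if re.search(r"[\"']proxy65[\"']", active):
            hits.append(number)
    return hits

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONFIG = """\
modules_enabled = {
    "roster";
    --"proxy65"; -- file transfer proxy, commented out
}
Component "proxy.example.com" "proxy65"
"""

if __name__ == "__main__":
    for reported in ("0.12.5", "0.12.6", "13.0.4-1~bookworm1", "13.0.5"):
        print(reported, "affected:", version_affected(reported))
    print("proxy65 referenced on lines:", proxy65_references(SAMPLE_CONFIG))
```

A host is of interest when the version check returns True and the configuration scan returns at least one line; each reported line should be reviewed by hand before the module is disabled.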

Added: May 1, 2026, 3:22 PM
Updated: May 1, 2026, 3:22 PM

Vulnerability Rating

Custom Algorithm
spread: 3.4
impact: 1.0
exploitability: 7.6
remediation: 7.9
relevance: 7.2
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.