| Summary | MITM when used without DNSSEC |
|---|---|
| Date | 2022-04-28 |
| CVE Number | CVE-2022-26491 |
| Discovered By | moparisthebest |
| Fixed In Release | 2.14.9 |
If not using DNSSEC it is trivial to perform a man in the middle attack a client via DNS spoofing. You can find more discussion in the XMPP Standards Archives.
Removed the code that supported the _xmppconnect DNS TXT record.