It has always been vulnerable to MITM attacks when it is not used with DNSSEC,
and has been removed from XEP-0156 because of that. We have been issued
CVE-2022-26491 for this issue.
More discussion can be found at
https://mail.jabber.org/pipermail/standards/2022-February/038759.html.
Testing Done:
Compiled
Reviewed at https://reviews.imfreedom.org/r/1357/
#Introductionandsetup
Pidginhasfuzzingsupportforlibpurplevia
[Libfuzzer](https://llvm.org/docs/LibFuzzer.html).Ifyou're new to fuzzing with
libfuzzer, there is a fantastic tutorial available