CVE-2017-10807: jabberd: Jabberd before 2.6.1 allows anyone to authenticate using SASLANONYMOUS even when this option is disabled

Severity: Critical

CVSS Score: 9.8

JabberD 2.x (aka jabberd2) before 2.6.1 allows anyone to authenticate using SASL ANONYMOUS, even when the sasl.anonymous c2s.xml option is not enabled.