[jdev] [Security] Spoofing of iq ids and misbehaving servers

Alexander Holler holler at ahsoftware.de
Sat Feb 1 09:47:06 UTC 2014

Am 31.01.2014 22:51, schrieb Thijs Alkemade:

> These use an incrementing counter to generate ids, starting from 0. This means
> that, for example, roster retrieval always gets the same id and could be
> spoofed by a fast enough attacker:

Could you elaborate how that attacker does send those spoofed stanzas?


Alexander Holler

More information about the JDev mailing list