[Security] [jdev] Spoofing of iq ids and misbehaving servers

Alexander Holler holler at ahsoftware.de
Sat Feb 1 09:47:06 UTC 2014


Am 31.01.2014 22:51, schrieb Thijs Alkemade:

> These use an incrementing counter to generate ids, starting from 0. This means
> that, for example, roster retrieval always gets the same id and could be
> spoofed by a fast enough attacker:

Could you elaborate how that attacker does send those spoofed stanzas?

Regards,

Alexander Holler



More information about the Security mailing list