[Security] [jdev] Spoofing of iq ids and misbehaving servers

Mark Doliner mark at kingant.net
Sat Feb 1 18:57:11 UTC 2014


On Sat, Feb 1, 2014 at 6:21 AM, Alexander Holler <holler at ahsoftware.de> wrote:
> I'm able to read. How do you send that reply?

The malicious user is logged into the user's XMPP server with another
account. The reply is sent as a normal IQ reply stanza from the
malicious user's client to the server, and is then routed to the
target user.


More information about the Security mailing list