[Security] [jdev] Spoofing of iq ids and misbehaving servers

Dave Cridland dave at cridland.net
Mon Feb 3 20:55:58 UTC 2014


On Mon, Feb 3, 2014 at 8:43 PM, Thijs Alkemade <me at thijsalkema.de> wrote:

> I've filed tickets today for:
>
> XMPPFramework: https://github.com/robbiehanson/XMPPFramework/issues/300
> Strophe.js: https://github.com/strophe/strophejs/issues/56
> SleekXMPP: https://github.com/fritzy/SleekXMPP/issues/278
> Miranda-NG: http://trac.miranda-ng.org/ticket/569


It occurs to me that servers, too, may be vulnerable.

Dave.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.jabber.org/pipermail/security/attachments/20140203/78ead5ef/attachment.html>


More information about the Security mailing list