[jdev] [Security] Spoofing of iq ids and misbehaving servers

Alexander Holler holler at ahsoftware.de
Sat Feb 1 09:47:06 UTC 2014


On 31.01.2014 22:51, Thijs Alkemade wrote:

> These use an incrementing counter to generate ids, starting from 0. This means
> that, for example, roster retrieval always gets the same id and could be
> spoofed by a fast enough attacker:

Could you elaborate on how that attacker sends those spoofed stanzas?

Regards,

Alexander Holler


