[jdev] [Security] Spoofing of iq ids and misbehaving servers
Mark Doliner
mark at kingant.net
Sat Feb 1 18:57:11 UTC 2014
On Sat, Feb 1, 2014 at 6:21 AM, Alexander Holler <holler at ahsoftware.de> wrote:
> I'm able to read. How do you send that reply?
The malicious user is logged into the user's XMPP server with another
account. The reply is sent as a normal IQ reply stanza from the
malicious user's client to the server, and is then routed to the
target user.
More information about the JDev
mailing list