HTTP Binding Can Allow Packets To Be Sent On Behalf Of Other Users

Description

A malicious user to set the packet's from attribute to be whatever value they choose and Openfire does not enforce this value to be correct when using HTTP binding.

Environment

None

Fixed

Assignee

Alex Wenckus

Reporter

Alex Wenckus

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

3.4.0 Beta 1

Affects versions

3.3.1

3.3.2

3.3.0

Priority

Blocker

Configure