HTTP Binding Can Allow Packets To Be Sent On Behalf Of Other Users

A malicious user to set the packet's from attribute to be whatever value they choose and Openfire does not enforce this value to be correct when using HTTP binding.