We're updating the issue view to help you get more done. 

HTTP Binding Can Allow Packets To Be Sent On Behalf Of Other Users

Description

A malicious user to set the packet's from attribute to be whatever value they choose and Openfire does not enforce this value to be correct when using HTTP binding.

Environment

None

Acceptance Test - Entry

None

Assignee

Alex Wenckus

Reporter

Alex Wenckus

Labels

None

Expected Effort

None

Ignite Forum URL

None

Fix versions

Affects versions

Priority

Blocker
Configure