Uploaded image for project: 'Openfire (ARCHIVED)'
  1. JM-1096

HTTP Binding Can Allow Packets To Be Sent On Behalf Of Other Users

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Blocker
    • Resolution: Fixed
    • Affects versions: 3.3.0, 3.3.1, 3.3.2
    • Fix versions: 3.4.0 Beta 1
    • Components: None
    • Labels:
      None

      Description

      A malicious user to set the packet's from attribute to be whatever value they choose and Openfire does not enforce this value to be correct when using HTTP binding.

        Attachments

          Activity

            People

            • Assignee:
              Alex Wenckus
              Reporter:
              Alex Wenckus
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: