HTTP Binding Can Allow Packets To Be Sent On Behalf Of Other Users

Description

A malicious user to set the packet's from attribute to be whatever value they choose and Openfire does not enforce this value to be correct when using HTTP binding.

Environment

None

Activity

Show:

Resize issue view side panel

Fixed

Details

Assignee

Alex Wenckus

Reporter

Alex Wenckus

Fix versions

3.4.0 Beta 1

Affects versions

3.3.0

3.3.1

3.3.2

Priority

Blocker

Created July 6, 2007 at 3:17 AM

Updated July 6, 2007 at 3:18 AM

Resolved July 6, 2007 at 3:18 AM