Unverified from Attribute in ParseRoster Component Allows IQ Response Spoofing
CVE-2014-0364 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
The ParseRoster component in the Ignite Realtime Smack XMPP API before 4.0.0-rc1 does not verify the from attribute of a roster-query IQ stanza, which allows remote attackers to spoof IQ responses via a crafted attribute.
Learn more about our Api Penetration Testing.