145
edits
(One intermediate revision by the same user not shown) | |||
Line 22: | Line 22: | ||
There is a hosted version of test 1. at xmpp:reject@yax.im | There is a hosted version of test 1. at xmpp:reject@yax.im | ||
= Impersonation attacks = | |||
# Roster push impersonation [https://gultsch.de/gajim_roster_push_and_message_interception.html CVE-2015-8688] | |||
# Carbon sender impersonation [https://rt-solutions.de/en/2017/01/cve-2017-5589_xmpp_carbons/ CVE-2017-5589] | |||
# MAM impersonation | |||
= Multi User Chats = | = Multi User Chats = | ||
Line 41: | Line 47: | ||
# The client gets banned by the MUC, with or without a message | # The client gets banned by the MUC, with or without a message | ||
# The MUC join completes, but the occupant is then silently removed, all subsequent messages get rejected (see [https://xmpp.org/extensions/xep-0410.html XEP-0410]) | # The MUC join completes, but the occupant is then silently removed, all subsequent messages get rejected (see [https://xmpp.org/extensions/xep-0410.html XEP-0410]) | ||
== MUC-PMs == | |||
TODO | |||
== Affiliation == | == Affiliation == |