181
edits
Difference between revisions of "Client Test Cases"
Jump to navigation
Jump to search
→Impersonation attacks
| (4 intermediate revisions by 2 users not shown) | |||
| Line 27: | Line 27: | ||
# Roster push impersonation [https://gultsch.de/gajim_roster_push_and_message_interception.html CVE-2015-8688] | # Roster push impersonation [https://gultsch.de/gajim_roster_push_and_message_interception.html CVE-2015-8688] | ||
# Carbon sender impersonation [https://rt-solutions.de/en/2017/01/cve-2017-5589_xmpp_carbons/ CVE-2017-5589] | # Carbon sender impersonation [https://rt-solutions.de/en/2017/01/cve-2017-5589_xmpp_carbons/ CVE-2017-5589] | ||
# MAM impersonation | # MAM impersonation: a <message> from a remote JID containing a <result> with a wrapped <message> | ||
# Impersonation via XEP-0297 Stanza Forwarding: Similar to the MAM impersonation but with a top-level <forward> element. Clients are supposed to clearly indicate that a message has been forwarded. Misbehaving clients might instead show the forwarded message as if it came from that person. There's also zero guarantee that a forwarded message is not in fact a forgery. | |||
= Multi User Chats = | = Multi User Chats = | ||
| Line 47: | Line 48: | ||
# The client gets banned by the MUC, with or without a message | # The client gets banned by the MUC, with or without a message | ||
# The MUC join completes, but the occupant is then silently removed, all subsequent messages get rejected (see [https://xmpp.org/extensions/xep-0410.html XEP-0410]) | # The MUC join completes, but the occupant is then silently removed, all subsequent messages get rejected (see [https://xmpp.org/extensions/xep-0410.html XEP-0410]) | ||
== MUC-PMs == | |||
TODO | |||
== Affiliation == | == Affiliation == | ||