An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for Xabber (only if manually enabled: 1.0.30, 1.0.30 VIP, beta 1.0.3 - 1.0.74; Android).
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2017-02-09T20:00:00
Updated: 2024-08-05T15:04:15.481Z
Reserved: 2017-01-28T00:00:00
Link: CVE-2017-5606
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-02-09T20:59:00.527
Modified: 2024-11-21T03:27:59.543
Link: CVE-2017-5606
Redhat
No data.