Description
If not using DNSSEC it is trivial to perform a man in the middle attack a client via DNS spoofing. You can find more discussion in the XMPP Standards Archives.
Mitigation
Removed the code that supported the _xmppconnect DNS TXT record.
If not using DNSSEC it is trivial to perform a man in the middle attack a client via DNS spoofing. You can find more discussion in the XMPP Standards Archives.
Removed the code that supported the _xmppconnect DNS TXT record.