IMFreedom Security

Description

If not using DNSSEC it is trivial to perform a man in the middle attack a client via DNS spoofing. You can find more discussion in the XMPP Standards Archives.

Mitigation

Removed the code that supported the _xmppconnect DNS TXT record.