An incorrect implementation of "XEP-0280: Message Carbons" in multiple XMPP clients allows a remote attacker to impersonate any user, including contacts, in the vulnerable application's display. This allows for various kinds of social engineering attacks. This CVE is for yaxim and Bruno (0.8.6 - 0.8.8; Android).
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-20, CWE-346
Products Affected
| Vendor | Product | Version |
|---|---|---|
| yaxim | bruno | 0.8.6 |
| yaxim | yaxim | 0.8.6 |
| yaxim | yaxim | 0.8.8 |
| yaxim | bruno | 0.8.7 |
| yaxim | bruno | 0.8.8 |
| yaxim | yaxim | 0.8.7 |