OpenFire XMPP Server prior to 3.10 accepts self-signed certificates, which allows remote malicious users to perform unspecified spoofing attacks.
igniterealtime openfire