They may be able to affect the order of messages by spamming millions of crafted messages to your client
They may be able to intercept messages for a server (not decrypt, just get in the middle) by sending billions of crafted messages to the server
The crypto does too much work on data before validating it wasn't tampered with (checks the decrypted contents with a checksum, not the encrypted payload)
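The last point above, as an added example that is not part of the original post and is not the code of the protocol being discussed: a receiver that checks a checksum of the decrypted contents has to decrypt tampered input before it can reject it, while one that authenticates the encrypted payload rejects it first. Assumptions: the SHA-256 counter-mode keystream is a stand-in cipher for illustration, SHA-256 stands in for the checksum, and every name here is hypothetical.

```python
import hashlib
import hmac

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 in counter mode); illustration only."""
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + (i // 32).to_bytes(8, "big")).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal_checksum_inside(enc_key, nonce, msg):
    """Checksum of the plaintext is appended, then everything is encrypted."""
    return keystream_xor(enc_key, nonce, msg + hashlib.sha256(msg).digest())

def seal_encrypt_then_mac(enc_key, mac_key, nonce, msg):
    """Encrypt, then authenticate nonce + ciphertext with a separate key."""
    ct = keystream_xor(enc_key, nonce, msg)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

class Receiver:
    def __init__(self, enc_key, mac_key):
        self.enc_key, self.mac_key = enc_key, mac_key
        self.decrypt_calls = 0  # work done on data before it is trusted

    def _decrypt(self, nonce, ct):
        self.decrypt_calls += 1
        return keystream_xor(self.enc_key, nonce, ct)

    def open_checksum_inside(self, nonce, ct):
        """Must decrypt received bytes before it can detect tampering."""
        pt = self._decrypt(nonce, ct)
        body, digest = pt[:-32], pt[-32:]
        ok = hmac.compare_digest(hashlib.sha256(body).digest(), digest)
        return body if ok else None

    def open_encrypt_then_mac(self, nonce, ct, tag):
        """Verifies the encrypted payload first; tampered input never reaches decrypt."""
        expected = hmac.new(self.mac_key, nonce + ct, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, tag):
            return None
        return self._decrypt(nonce, ct)

def flip_first_bit(data: bytes) -> bytes:
    """Constructed tampering: flip one bit of the first byte."""
    return bytes([data[0] ^ 1]) + data[1:]
```

The `decrypt_calls` counter makes the difference measurable: it rises for every tampered message in the first design and stays at zero in the second.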