The SCRAM-SHA-1 authentication mechanism
python-nbxmpp allows chosen-nonce attacks in its SCRAM-SHA-1 authentication mechanism, because it does not check the nonce returned by the server during SCRAM-SHA-1 authentication. According to RFC 5802, section 5.1, the following check has to be done for the attribute r:
The client MUST verify that the initial part of the nonce used in subsequent messages is the same as the nonce it initially specified.
The check is missing in nbxmpp/auth_nb.py; there is only a remark:
# TODO: Should check cnonce here.
Add the missing check.
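The following is an added example of the client-side check that RFC 5802 section 5.1 requires; it is not code from python-nbxmpp. It parses a SCRAM server-first-message (`r=...,s=...,i=...`) and accepts it only if the `r` attribute begins with the client's own nonce and carries a non-empty server part. The helper names (`parse_server_first`, `verify_server_nonce`, `accepts_server_first`) are this example's own, and the sample nonce and salt values are the ones given in the RFC 5802 worked example.

```python
"""Client-side nonce verification for the SCRAM server-first-message (RFC 5802, sec. 5.1).

Added example, not python-nbxmpp code. The message format and the rule that the
server's 'r' attribute must begin with the client nonce come from the RFC; the
helper names below are this example's own.
"""
import base64
import os


class ScramError(Exception):
    """Raised when the server-first-message is malformed or the nonce check fails."""


def make_client_nonce(nbytes=24):
    """Fresh client nonce: printable ASCII without commas, as RFC 5802 requires."""
    return base64.b64encode(os.urandom(nbytes)).decode("ascii")


def parse_server_first(message):
    """Split 'r=...,s=...,i=...' into a dict keyed by single-letter attribute names.

    SCRAM attribute values never contain commas, so a plain split is safe.
    Rejects duplicate attributes, a missing mandatory attribute, a non-positive
    iteration count and the reserved 'm' extension attribute (RFC 5802, sec. 5.1:
    its presence MUST cause authentication failure).
    """
    attrs = {}
    for part in message.split(","):
        if len(part) < 2 or part[1] != "=":
            raise ScramError(f"malformed attribute: {part!r}")
        key, value = part[0], part[2:]
        if key in attrs:
            raise ScramError(f"duplicate attribute: {key!r}")
        attrs[key] = value
    if "m" in attrs:
        raise ScramError("server used the reserved 'm' extension attribute")
    for mandatory in ("r", "s", "i"):
        if mandatory not in attrs:
            raise ScramError(f"missing attribute: {mandatory!r}")
    if not attrs["i"].isdigit() or int(attrs["i"]) <= 0:
        raise ScramError("iteration count is not a positive integer")
    return attrs


def verify_server_nonce(client_nonce, server_first):
    """Return the combined nonce if it is client_nonce followed by a server part.

    This is the check the advisory describes: the client MUST verify that the
    initial part of the nonce used in subsequent messages is the same as the
    nonce it initially specified. A server that replaces the nonce instead of
    appending to it is rejected here, before any proof is computed.
    """
    attrs = parse_server_first(server_first)
    combined = attrs["r"]
    if not combined.startswith(client_nonce):
        raise ScramError("server nonce does not start with the client nonce")
    if len(combined) == len(client_nonce):
        raise ScramError("server did not append its own nonce")
    return combined


def accepts_server_first(client_nonce, server_first):
    """Boolean form of verify_server_nonce, convenient for tests and call sites."""
    try:
        verify_server_nonce(client_nonce, server_first)
    except ScramError:
        return False
    return True


if __name__ == "__main__":
    # Values from the RFC 5802 worked example.
    client_nonce = "fyko+d2lbbFgONRv9qkxdawL"
    good = "r=fyko+d2lbbFgONRv9qkxdawL3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
    # Constructed message in which the server substituted its own nonce entirely.
    bad = "r=AAAAAAAAAAAAAAAAAAAAAAAA3rfcNHYJY1ZVvWVs7j,s=QSXCR+Q6sek8bf92,i=4096"
    print("good message accepted:", accepts_server_first(client_nonce, good))
    print("substituted nonce accepted:", accepts_server_first(client_nonce, bad))
```

In a real client the result of `verify_server_nonce` is what goes into the `r` attribute of the client-final-message and into the AuthMessage over which the client proof is computed; rejecting a mismatched nonce at this point means no proof is ever produced for a nonce the client did not choose.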