CVE-2009-1595
CVE-2009-1595
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/32967unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://osvdb.org/54189http://secunia.com/advisories/34976https://exchange.xforce.ibmcloud.com/vulnerabilities/50292http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.htmlhttp://www.igniterealtime.org/community/message/190280http://www.igniterealtime.org/issues/browse/JM-1531http://www.securityfocus.com/bid/34804http://www.vupen.com/english/advisories/2009/1237