CVE-2009-1596

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
References
Link Resource
http://secunia.com/advisories/34984 Broken Link Vendor Advisory
http://www.igniterealtime.org/community/message/190280 Exploit Issue Tracking Patch Vendor Advisory
http://www.igniterealtime.org/issues/browse/JM-1532 Patch Permissions Required Vendor Advisory
http://www.osvdb.org/54189 Broken Link
http://www.securityfocus.com/bid/34804 Broken Link Exploit Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 Third Party Advisory VDB Entry
http://secunia.com/advisories/34984 Broken Link Vendor Advisory
http://www.igniterealtime.org/community/message/190280 Exploit Issue Tracking Patch Vendor Advisory
http://www.igniterealtime.org/issues/browse/JM-1532 Patch Permissions Required Vendor Advisory
http://www.osvdb.org/54189 Broken Link
http://www.securityfocus.com/bid/34804 Broken Link Exploit Patch Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:02

Type Values Removed Values Added
References () http://secunia.com/advisories/34984 - Broken Link, Vendor Advisory () http://secunia.com/advisories/34984 - Broken Link, Vendor Advisory
References () http://www.igniterealtime.org/community/message/190280 - Exploit, Issue Tracking, Patch, Vendor Advisory () http://www.igniterealtime.org/community/message/190280 - Exploit, Issue Tracking, Patch, Vendor Advisory
References () http://www.igniterealtime.org/issues/browse/JM-1532 - Patch, Permissions Required, Vendor Advisory () http://www.igniterealtime.org/issues/browse/JM-1532 - Patch, Permissions Required, Vendor Advisory
References () http://www.osvdb.org/54189 - Broken Link () http://www.osvdb.org/54189 - Broken Link
References () http://www.securityfocus.com/bid/34804 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/34804 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 - Third Party Advisory, VDB Entry () https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 - Third Party Advisory, VDB Entry

13 Feb 2024, 17:43

Type Values Removed Values Added
CPE cpe:2.3:a:igniterealtime:openfire:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:2.6.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.6.0a:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:2.6.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.5.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:2.6.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:igniterealtime:openfire:3.3.3:*:*:*:*:*:*:*
References (SECUNIA) http://secunia.com/advisories/34984 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/34984 - Broken Link, Vendor Advisory
References (BID) http://www.securityfocus.com/bid/34804 - Exploit, Patch (BID) http://www.securityfocus.com/bid/34804 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry
References (CONFIRM) http://www.igniterealtime.org/community/message/190280 - Exploit, Patch, Vendor Advisory (CONFIRM) http://www.igniterealtime.org/community/message/190280 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 - Third Party Advisory, VDB Entry
References (CONFIRM) http://www.igniterealtime.org/issues/browse/JM-1532 - Patch, Vendor Advisory (CONFIRM) http://www.igniterealtime.org/issues/browse/JM-1532 - Patch, Permissions Required, Vendor Advisory
References (OSVDB) http://www.osvdb.org/54189 - (OSVDB) http://www.osvdb.org/54189 - Broken Link
CVSS v2 : 4.0
v3 : unknown
v2 : 4.0
v3 : 6.5
CWE CWE-16 CWE-287

Information

Published : 2009-05-11 14:30

Updated : 2024-11-21 01:02


NVD link : CVE-2009-1596

Mitre link : CVE-2009-1596

CVE.ORG link : CVE-2009-1596


JSON object : View

Products Affected

igniterealtime

  • openfire
CWE
CWE-287

Improper Authentication