Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
References
Link | Resource |
---|---|
http://secunia.com/advisories/34984 | Broken Link, Vendor Advisory |
http://www.igniterealtime.org/community/message/190280 | Exploit, Issue Tracking, Patch, Vendor Advisory |
http://www.igniterealtime.org/issues/browse/JM-1532 | Patch, Permissions Required, Vendor Advisory |
http://www.osvdb.org/54189 | Broken Link |
http://www.securityfocus.com/bid/34804 | Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 | Third Party Advisory, VDB Entry |
History
21 Nov 2024, 01:02
Type | Values Removed | Values Added |
---|---|---|
References | () http://secunia.com/advisories/34984 - Broken Link, Vendor Advisory | |
References | () http://www.igniterealtime.org/community/message/190280 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | () http://www.igniterealtime.org/issues/browse/JM-1532 - Patch, Permissions Required, Vendor Advisory | |
References | () http://www.osvdb.org/54189 - Broken Link | |
References | () http://www.securityfocus.com/bid/34804 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 - Third Party Advisory, VDB Entry |
13 Feb 2024, 17:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:igniterealtime:openfire:3.2.4:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:2.6.2:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.5.2:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.0.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.1.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.2.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.0.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.6.0a:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.6.2:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.4.3:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:2.6.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.2.2:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.5.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.5.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.2.3:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.3.2:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.6.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.4.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.4.2:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.4.1:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.6.3:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.3.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:2.6.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.4.5:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.6.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.4.4:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.1.0:*:*:*:*:*:*:* cpe:2.3:a:igniterealtime:openfire:3.3.3:*:*:*:*:*:*:* |
References | (SECUNIA) http://secunia.com/advisories/34984 - Broken Link, Vendor Advisory | |
References | (BID) http://www.securityfocus.com/bid/34804 - Broken Link, Exploit, Patch, Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.igniterealtime.org/community/message/190280 - Exploit, Issue Tracking, Patch, Vendor Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 - Third Party Advisory, VDB Entry | |
References | (CONFIRM) http://www.igniterealtime.org/issues/browse/JM-1532 - Patch, Permissions Required, Vendor Advisory | |
References | (OSVDB) http://www.osvdb.org/54189 - Broken Link | |
CVSS | v2 : v3 : | v2 : 4.0 v3 : 6.5 |
CWE | CWE-287 |
Information
Published : 2009-05-11 14:30
Updated : 2024-11-21 01:02
NVD link : CVE-2009-1596
Mitre link : CVE-2009-1596
CVE.ORG link : CVE-2009-1596
Products Affected
igniterealtime
- openfire
CWE
CWE-287
Improper Authentication