Lucene search
GoogleOSV:GHSA-R62W-X9PP-JRQPHistoryMay 02, 2022 - 3:26 a.m.
Ignite Realtime Openfire Allows Users to Change Passwords of Arbitrary Accounts
2022-05-0203:26:40
Google
osv.dev
3
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
References
www.igniterealtime.org/community/message/190280
download.igniterealtime.org/openfire/docs/latest/changelog.html#3.6.4
exchange.xforce.ibmcloud.com/vulnerabilities/50292
github.com/igniterealtime/Openfire
github.com/igniterealtime/Openfire/commit/97e1f08cf72e430f5cca5ba94cd20703dadb5ce5
nvd.nist.gov/vuln/detail/CVE-2009-1595
web.archive.org/web/20090518061336/www.igniterealtime.org/issues/browse/JM-1531
web.archive.org/web/20140901211944/www.securityfocus.com/bid/34804
Related
prion
prion
Design/Logic Flaw
2009-05-11 14:30:00
github
github
nvd
nvd
CVE-2009-1595
2009-05-11 14:30:00
nessus
nessus
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
2009-05-05 00:00:00
GLSA-201406-35 : Openfire: Multiple vulnerabilities
2014-07-01 00:00:00
cve
cve
CVE-2009-1595
2009-05-11 14:30:00
cvelist
cvelist
CVE-2009-1595
2009-05-11 14:02:00
openvas
openvas
Openfire < 3.6.5 Security Bypass Vulnerabilities
2009-05-18 00:00:00
Openfire Security Bypass Vulnerabilities
2009-05-18 00:00:00
Gentoo Security Advisory GLSA 201406-35
2015-09-29 00:00:00
gentoo
gentoo
Openfire: Multiple vulnerabilities
2014-06-30 00:00:00
freebsd
freebsd
openfire -- multiple vulnerabilities
2008-11-07 00:00:00