Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability

Bugtraq ID: 34804
Class: Access Validation Error
CVE:
Remote: Yes
Local: No
Published: May 04 2009 12:00AM
Updated: May 05 2009 05:56PM
Credit: Daryl Herzmann
Vulnerable: Ignite Realtime Openfire 3.6.3
Ignite Realtime Openfire 3.6.2
Ignite Realtime Openfire 3.5.2
Ignite Realtime Openfire 3.5.1
Ignite Realtime Openfire 3.5
Ignite Realtime Openfire 3.4.5
Ignite Realtime Openfire 3.4.4
Ignite Realtime Openfire 3.4.3
Ignite Realtime Openfire 3.4.2
Ignite Realtime Openfire 3.4.1
Ignite Realtime Openfire 3.4
Ignite Realtime Openfire 3.3.1
Ignite Realtime Openfire 3.3
Ignite Realtime Openfire 3.6.0a
Not Vulnerable: Ignite Realtime Openfire 3.6.4


 

Privacy Statement
Copyright 2010, SecurityFocus