Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability

Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability

References:

JM-1531 Prevent users from changing other users passwords (Daryl Herzmann)
JM-1532 Openfire does not honor option to stop password changes (Daryl Herzmann)
Openfire Changelog (Ignite Realtime)
Openfire Homepage (Ignite Realtime)

Privacy Statement
Copyright 2010, SecurityFocus