• info
• discussion
• exploit
• solution
• references

Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability

Solution:
The vendor has released an update. Please see the references for details.


Ignite Realtime Openfire 3.6.0a

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.3

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.3.1

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.4

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.4.1

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.4.2

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.4.3

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.4.4

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.4.5

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.5

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.5.1

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.5.2

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.6.2

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz

Ignite Realtime Openfire 3.6.3

• Ignite Realtime openfire_3_6_4.tar.gz
  http://www.igniterealtime.org/downloads/download-landing.jsp?file=open fire/openfire_3_6_4.tar.gz