Openfire jabber:iq:auth 'passwd_change' Remote Password Change Vulnerability

Bugtraq ID: 34804
Class: Access Validation Error
CVE: CVE-2009-1595
CVE-2009-1596
Remote: Yes
Local: No
Published: May 04 2009 12:00AM
Updated: Mar 19 2015 09:03AM
Credit: Daryl Herzmann
Vulnerable: Ignite Realtime Openfire 3.6.3
Ignite Realtime Openfire 3.6.2
Ignite Realtime Openfire 3.5.2
Ignite Realtime Openfire 3.5.1
Ignite Realtime Openfire 3.5
Ignite Realtime Openfire 3.4.5
Ignite Realtime Openfire 3.4.4
Ignite Realtime Openfire 3.4.3
Ignite Realtime Openfire 3.4.2
Ignite Realtime Openfire 3.4.1
Ignite Realtime Openfire 3.4
Ignite Realtime Openfire 3.3.1
Ignite Realtime Openfire 3.3
Ignite Realtime Openfire 3.6.0a
Gentoo Linux
Not Vulnerable: Ignite Realtime Openfire 3.6.4


 

Privacy Statement
Copyright 2010, SecurityFocus