openfire -- Openfire No Password Changes Security Bypass

ID E3E30D99-58A8-4A3F-8059-A8B7CD59B881
Type freebsd
Reporter FreeBSD
Modified 2010-05-02T00:00:00


Secunia reports:

A vulnerability has been reported in Openfire, which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the "no password changes" setting, which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.