openfire -- Openfire No Password Changes Security Bypass

2009-05-04T00:00:00
ID E3E30D99-58A8-4A3F-8059-A8B7CD59B881
Type freebsd
Reporter FreeBSD
Modified 2010-05-02T00:00:00

Description

Secunia reports:

A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting, which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.