559 matches found
Openfire Admin Console login.jsp XSS
The Openfire admin console running on the remote host has a cross-site scripting vulnerability. Input to the 'username' parameter of 'login.jsp' is not properly sanitized. An attacker could exploit this by tricking a user into making a specially crafted POST request, resulting in arbitrary script...
Jive Software Openfire Jabber Server Authentication Bypass (CVE-2008-6508)
Openfire (previously known as Wildfire Server) is an open source Jabber/XMPP server written in Java. Jabber is an open instant messaging technology that is maintained by the community. Extensible Messaging and Presence Protocol (XMPP) is an open, XML-inspired protocol originally aimed at...
Openfire Security Bypass Vulnerabilities
Check for the version of Openfire OpenVAS Vulnerability Test $Id: gbopenfiresecbypassvulnmay09.nasl 3238 2016-05-06 12:54:43Z benallard $ Openfire Security Bypass Vulnerabilities May09 Authors: Sujit Ghosal Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program...
Openfire < 3.6.5 Security Bypass Vulnerabilities
Openfire is prone to multiple security bypass vulnerabilities. SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Design/Logic Flaw
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action...
Design/Logic Flaw
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet...
CVE-2009-1595
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action...
CVE-2009-1596
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet...
CVE-2009-1596
CVE-2009-1596 affects Ignite Realtime Openfire prior to 3.6.5. The register.password (canChangePassword) console setting is not properly enforced, allowing remote authenticated users to bypass the intended policy and change their own passwords via a passwd_change IQ packet. The vulnerability enab...
CVE-2009-1595
The CVE-2009-1595 issue affects Ignite Realtime Openfire, where the jabber:iq:auth implementation in IQAuthHandler.java on versions before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts by modifying the username element in a passwd_change action. This enable...
PT-2009-4084 · Ignite Realtime · Openfire
Name of the Vulnerable Software and Affected Versions: Openfire versions prior to 3.6.5 Description: The issue is related to the improper implementation of the register.password also known as canChangePassword console configuration setting. This allows remote authenticated users to bypass the...
FreeBSD Ports: openfire
The remote host is missing an update to the system as announced in the referenced advisory. VID e3e30d99-58a8-4a3f-8059-a8b7cd59b881 OpenVAS Vulnerability Test $ Description: Auto generated from VID e3e30d99-58a8-4a3f-8059-a8b7cd59b881 Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
FreeBSD : openfire -- Openfire No Password Changes Security Bypass (e3e30d99-58a8-4a3f-8059-a8b7cd59b881)
Secunia reports: A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by...
Openfire < 3.6.4 jabber:iq:auth Crafted password_change Request Password Manipulation
The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. According to its version, the installation of Openfire or Wildfire fails to verify the owner of the account before changing the password for the account in response to an 'iq:auth' request. A...
FreeBSD Ports: openfire
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Openfire 3.x - jabber:iq:auth passwd_change Remote Password Change
Openfire 3.x - jabber:iq:auth passwd_change Remote Password Change source: https://www.securityfocus.com/bid/34804/info Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized acce...
Openfire 3.x - jabber:iq:auth 'passwd_change' Remote Password Change
source: https://www.securityfocus.com/bid/34804/info Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users. Exploiting this issue can allow the attacker to gain unauthorized access to the affected application and to completely compromise victim...
openfire -- Openfire No Password Changes Security Bypass
Secunia reports: A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions. The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sendi...