Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-05-11T14:02:00
Updated: 2024-08-07T05:20:34.723Z
Reserved: 2009-05-11T00:00:00
Link: CVE-2009-1596
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-05-11T14:30:00.343
Modified: 2024-11-21T01:02:52.003
Link: CVE-2009-1596
Redhat
No data.