Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-11T14:02:00

Updated: 2024-08-07T05:20:34.723Z

Reserved: 2009-05-11T00:00:00

Link: CVE-2009-1596

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-05-11T14:30:00.343

Modified: 2024-11-21T01:02:52.003

Link: CVE-2009-1596

cve-icon Redhat

No data.