6.5

CVE-2009-1596

Exploit
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
IgniterealtimeOpenfire Version < 3.6.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.2% 0.641
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:P/A:N
CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

http://www.igniterealtime.org/community/message/190280
Patch
Vendor Advisory
Exploit
Issue Tracking
http://www.securityfocus.com/bid/34804
Patch
Third Party Advisory
Exploit
Broken Link
VDB Entry
http://secunia.com/advisories/34984
Vendor Advisory
Broken Link
http://www.igniterealtime.org/issues/browse/JM-1532
Patch
Vendor Advisory
Permissions Required
http://www.osvdb.org/54189
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/50291
Third Party Advisory
VDB Entry