icon

We found results for “

CVE-2009-1596

Good to know:

icon
icon

Date: May 11, 2009

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.

Language: Java

Severity Score

Severity Score

Weakness Type (CWE)

Configuration

CWE-16

Top Fix

icon

Upgrade Version

Upgrade to version 3.6.5

Learn More

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): LOW
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us