This script is Copyright (C) 2009-2011 Tenable Network Security, Inc.
The remote host contains an application that is affected by a remote
password change vulnerability.
The remote host is running Openfire / Wildfire, an instant messaging
server supporting the XMPP protocol.
According to its version, the installation of Openfire or Wildfire
fails to verify the owner of the account before changing the password
for the account in response to an 'iq:auth' request. An authenticated
attacker can exploit this vulnerability to change the passwords for
arbitrary Openfire / Wildfire user accounts.
See also :
Upgrade to Openfire version 3.6.4 or later.
Risk factor :
Medium / CVSS Base Score : 6.5
CVSS Temporal Score : 5.4
Public Exploit Available : true