Openfire < 3.3.1 Admin Console Privilege Escalation
Medium Nessus Network Monitor Plugin ID 4070
Synopsis
The remote web server allows unauthenticated access to its administrative console.
Description
The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol.
The version of Openfire or Wildfire installed on the remote host allows unauthenticated access to a servlet, which could allow a malicious user to upload code to Openfire via its admin console.
Solution
Either firewall access to the admin console on this port or upgrade to Openfire version 3.3.1 or higher.