Openfire < 3.6.4 Arbitrary Password Manipulation

Medium Nessus Network Monitor Plugin ID 5018

Synopsis

The remote server can be tricked into modifying user credentials

Description

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. According to its version, the installation of Openfire or Wildfire is affected by a vulnerability which would allow a remote attacker to change the password of any users. In particular, input sent to the 'passwd_change' parameter of the jabber: iq: auth routine is not sufficiently sanitized. An attacker, exploiting this flaw, would be able to gain access to any user account.

Solution

Upgrade to Openfire version 3.6.4 or later.

See Also

http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html

Plugin Details

Severity: Medium

ID: 5018

Family: CGI

Published: 2004/08/18

Modified: 2018/07/11

Dependencies: 1442

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS3#AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:igniterealtime:openfire

Reference Information

CVE: CVE-2009-1595, CVE-2009-1596

BID: 34804