The remote server can be tricked into modifying user credentials
The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. According to its version, the installation of Openfire or Wildfire is affected by a vulnerability which would allow a remote attacker to change the password of any users. In particular, input sent to the 'passwd_change' parameter of the jabber: iq: auth routine is not sufficiently sanitized. An attacker, exploiting this flaw, would be able to gain access to any user account.
Upgrade to Openfire version 3.6.4 or later.