Openfire < 3.6.4 Arbitrary Password Manipulation

medium Nessus Network Monitor Plugin ID 5018

Synopsis

The remote server can be tricked into modifying user credentials.

Description

The remote host is running Openfire / Wildfire, an instant messaging server supporting the XMPP protocol. According to its version, the installation of Openfire or Wildfire is affected by a vulnerability that would allow a remote attacker to change the password of any user. In particular, input sent to the 'passwd_change' parameter of the jabber:iq:auth routine is not sufficiently sanitized. An attacker exploiting this flaw would be able to gain access to any user account.

Solution

Upgrade to Openfire version 3.6.4 or later.

See Also

http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html

Plugin Details

Severity: Medium

ID: 5018

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Nessus ID: 38688

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.4

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 5.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:igniterealtime:openfire

Reference Information

CVE: CVE-2009-1595, CVE-2009-1596

BID: 34804