Test ID: | 1.3.6.1.4.1.25623.1.0.800718 |
Category: | Web application abuses |
Title: | Openfire < 3.6.5 Security Bypass Vulnerabilities |
Summary: | Openfire is prone to multiple security bypass vulnerabilities. |
Description: |
Summary: Openfire is prone to multiple security bypass vulnerabilities.

Vulnerability Insight:
- An error exists in the 'jabber:iq:auth' implementation in the IQAuthHandler.java file via a modified username element in a passwd_change action.
- An error exists due to improper implementation of the 'register.password' console configuration settings via a passwd_change IQ packet.

Vulnerability Impact: Successful exploitation will let the attacker change the passwords of arbitrary accounts via a modified username element in a passwd_change action, or bypass intended policy and change their own passwords via a passwd_change IQ packet.

Affected Software/OS: Openfire prior to version 3.6.5.

Solution: Update to version 3.6.5 or later.

CVSS Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2009-1595
BugTraq ID: 34804
http://www.securityfocus.com/bid/34804
http://osvdb.org/54189
http://secunia.com/advisories/34976
http://www.vupen.com/english/advisories/2009/1237
XForce ISS Database: openfire-jabberiqauth-security-bypass(50292)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50292

Common Vulnerability Exposure (CVE) ID: CVE-2009-1596
http://www.osvdb.org/54189
http://secunia.com/advisories/34984
XForce ISS Database: openfire-nopassword-security-bypass(50291)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 |
Copyright | Copyright (C) 2009 Greenbone AG |