CVE-2009-1595

CVE-2009-1595 · MEDIUM Severity

AV:N/AC:L/AU:S/C:N/I:P/A:N

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

Learn more about our User Device Pen Test.