CVE-2009-1595
CVE-2009-1595 · MEDIUM Severity
AV:N/AC:L/AU:S/C:N/I:P/A:N
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
Learn more about our User Device Pen Test.