Test ID: | 1.3.6.1.4.1.25623.1.0.800718 |
Category: | Web application abuses |
Title: | Openfire Security Bypass Vulnerabilities |
Summary: | This host is running Openfire, which is prone to multiple security bypass vulnerabilities. |
Description: |
Summary: This host is running Openfire, which is prone to multiple security bypass vulnerabilities.

Vulnerability Insight:
- An error exists in the 'jabber:iq:auth' implementation in the IQAuthHandler.java file via a modified username element in a passwd_change action.
- An error due to improper implementation of 'register.password' console configuration settings via a passwd_change IQ packet.

Vulnerability Impact:
- Prior to version 3.6.4: Successful exploitation will let the attacker change the passwords of arbitrary accounts via a modified username element in a passwd_change action, or bypass intended policy and change their own passwords via a passwd_change IQ packet.
- Prior to version 3.6.5: Successful exploitation will let the attacker bypass intended policy and change their own passwords via a passwd_change IQ packet.

Affected Software/OS: Openfire prior to 3.6.4 and prior to 3.6.5.

Solution: Upgrade to Openfire 3.6.4 or later.

CVSS Score: 4.0
CVSS Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N |
Cross Reference: |
BugTraq ID: 34804
Common Vulnerability Exposure (CVE) ID: CVE-2009-1595
- http://www.securityfocus.com/bid/34804
- http://osvdb.org/54189
- http://secunia.com/advisories/34976
- http://www.vupen.com/english/advisories/2009/1237
- XForce ISS Database: openfire-jabberiqauth-security-bypass(50292)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50292

Common Vulnerability Exposure (CVE) ID: CVE-2009-1596
- http://www.osvdb.org/54189
- http://secunia.com/advisories/34984
- XForce ISS Database: openfire-nopassword-security-bypass(50291)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50291 |
Copyright | Copyright (C) 2009 Greenbone Networks GmbH |