NVD

Id
48865  
Name
CVE-2009-1596  
Description
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-07  
Published
2009-05-11  
Modified Date
2009-05-11  
Seq
2009-1596  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
246939 48865 CVE-2009-1596 http://www.igniterealtime.org/community/message/190280  View
246940 48865 CVE-2009-1596 http://www.igniterealtime.org/issues/browse/JM-1532  View
246941 48865 CVE-2009-1596 34804  View
246942 48865 CVE-2009-1596 openfire-nopassword-security-bypass(50291)  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
43641 JVNDB-2009-004648 Ignite Realtime Openfire におけるポリシーを回避される脆弱性 Ignite Realtime Openfire は、register.password コンソールの構成設定を適切に実装しないため、ポリシーを回避される、および自身のパスワードを変更される脆弱性が存在します。 CVE-2009-1596 39027 CVE-2009-1596 48865 4 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-004648.html 2009-04-15 2012-09-25 View