Daryl Herzmann

1 exploit Active since May 2009
CVE-2009-1595 EXPLOITDB text WORKING POC
Openfire < 3.6.4 - Authenticated Password Change via Modified Username Element
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.