CVE-2009-1595

Openfire < 3.6.4 - Authenticated Password Change via Modified Username Element

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1595. PoCs published by Daryl Herzmann.

AI-analyzed exploit summary This exploit demonstrates an authentication bypass vulnerability in Openfire by sending a crafted IQ stanza to change the password of arbitrary users without proper authorization. The vulnerability exists due to insufficient validation in the password change mechanism.

Description

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Daryl Herzmann · textremotemultiple

https://www.exploit-db.com/exploits/32967

View Code ZIP pw:eip

This exploit demonstrates an authentication bypass vulnerability in Openfire by sending a crafted IQ stanza to change the password of arbitrary users without proper authorization. The vulnerability exists due to insufficient validation in the password change mechanism.

Classification

Working Poc 90%

Attack Type

Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Openfire versions prior to 3.6.4

No auth needed

Prerequisites: Network access to the Openfire server · Ability to send crafted XMPP stanzas

MITRE ATT&CK