CVE-2009-1595

N/A Unknown

Published: May 11, 2009 Modified: April 23, 2026

Description

The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://osvdb.org/54189

Source: cve@mitre.org

http://secunia.com/advisories/34976

Source: cve@mitre.org

Vendor Advisory

http://www.igniterealtime.org/builds/openfire/docs/latest/changelog.html

Source: cve@mitre.org

Patch

http://www.igniterealtime.org/community/message/190280

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://www.igniterealtime.org/issues/browse/JM-1531

Source: cve@mitre.org

Exploit Patch Vendor Advisory

http://www.securityfocus.com/bid/34804

Source: cve@mitre.org

Exploit Patch

http://www.vupen.com/english/advisories/2009/1237

Source: cve@mitre.org

Patch Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/50292

Source: cve@mitre.org

http://osvdb.org/54189