CVE-2009-1596

Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet.

CVSS v2.0 4.0 MEDIUM

4.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:S/C:N/I:P/A:N

Exploitability : 8.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://www.igniterealtime.org/community/message/190280	Exploit Patch Vendor Advisory
http://secunia.com/advisories/34984	Vendor Advisory
http://www.securityfocus.com/bid/34804	Exploit Patch
http://www.igniterealtime.org/issues/browse/JM-1532	Patch Vendor Advisory
http://www.osvdb.org/54189
https://exchange.xforce.ibmcloud.com/vulnerabilities/50291

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:igniterealtime:openfire:2.6.1:::::::*
	cpe:2.3:a:igniterealtime:openfire:2.6.2:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.2.3:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.2.4:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.4.4:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.4.5:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.6.1:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.4.2:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.6.3:::::::*
	cpe:2.3:a:igniterealtime:openfire:2.6.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.2.1:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.2.2:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.0.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.0.1:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.1.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.4.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.6.0:::::::*
	cpe:2.3:a:igniterealtime:openfire::::::::
	cpe:2.3:a:igniterealtime:openfire:3.3.2:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.2.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.5.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.4.3:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.6.0a:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.6.2:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.1.1:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.5.2:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.3.3:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.5.1:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.3.0:::::::*
	cpe:2.3:a:igniterealtime:openfire:3.4.1:::::::*

Information

Published : 2009-05-11 07:30

Updated : 2017-08-16 18:30

NVD link : CVE-2009-1596

Mitre link : CVE-2009-1596

JSON object : View

CWE

CWE-16

Configuration

Products Affected

igniterealtime

openfire

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.igniterealtime.org/community/message/190280", "name": "http://www.igniterealtime.org/community/message/190280", "tags": ["Exploit", "Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://secunia.com/advisories/34984", "name": "34984", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://www.securityfocus.com/bid/34804", "name": "34804", "tags": ["Exploit", "Patch"], "refsource": "BID"}, {"url": "http://www.igniterealtime.org/issues/browse/JM-1532", "name": "http://www.igniterealtime.org/issues/browse/JM-1532", "tags": ["Patch", "Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.osvdb.org/54189", "name": "54189", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50291", "name": "openfire-nopassword-security-bypass(50291)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-16"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-1596", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2009-05-11T14:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:2.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:2.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.4.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.4.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.6.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.6.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:2.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.0.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.0.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.1.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.4.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.6.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.6.4"}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.3.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.4.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.6.0a:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.1.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.5.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.3.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.5.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.3.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:igniterealtime:openfire:3.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}

4.0 /10