Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
2023-08-24 08:21

Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck.

VulnCheck traces the flaw to a path traversal check that did not keep pace with the embedded web server: "A later upgrade of the embedded web server included support for non-standard URL encoding of UTF-16 characters. The path traversal protections in place in Openfire were not updated to include protection against this new encoding."
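To make the mismatch concrete, here is an added illustration in Python, not Openfire's code and not from VulnCheck's report. It models a filter that exempts a public URL prefix from authentication and rejects ".." only after standard %XX decoding, beside a hardened version that decodes the same way the server does before deciding. The "%uXXXX" spelling is the usual non-standard UTF-16 percent-encoding and is an assumption here (the page says only "UTF-16 characters"); the "/public/" and "/admin/" prefixes and the request paths are constructed for the example. The hardened decoder also repeats decoding to a fixed point, which goes slightly beyond the page by covering double-encoded input as well.

```python
import posixpath
import re
from urllib.parse import unquote

# Constructed example prefixes (assumption, not Openfire's real layout).
PUBLIC_PREFIX = "/public/"

# Non-standard UTF-16 escape: "%u" followed by four hex digits, e.g. "%u002e" for ".".
# This spelling is an assumption; the page only says "UTF-16 characters".
_UTF16_ESCAPE = re.compile(r"%u([0-9A-Fa-f]{4})")


def decode_utf16_escapes(path: str) -> str:
    """Turn each %uXXXX escape into the character it names."""
    return _UTF16_ESCAPE.sub(lambda m: chr(int(m.group(1), 16)), path)


def decode_fully(path: str, max_rounds: int = 3) -> str:
    """Decode %uXXXX and %XX escapes until the string stops changing.

    Repeating to a fixed point also collapses double-encoded input such as
    "%25u002e" (which decodes to "%u002e" and then to ".").
    """
    for _ in range(max_rounds):
        decoded = unquote(decode_utf16_escapes(path))
        if decoded == path:
            return decoded
        path = decoded
    return path


def contains_dotdot(decoded_path: str) -> bool:
    """True if any path segment is exactly '..'."""
    return any(seg == ".." for seg in decoded_path.split("/"))


def resolved_path(path: str) -> str:
    """Where the request actually lands once the server has decoded and
    normalised it: full decoding, then '.'/'..' segments collapsed."""
    decoded = decode_fully(path)
    return posixpath.normpath("/" + decoded.lstrip("/"))


def naive_auth_required(path: str) -> bool:
    """Filter that only knows standard %XX decoding.

    Requests under PUBLIC_PREFIX skip authentication unless a '..' segment
    is visible after unquote(). '%2e%2e' is caught; '%u002e%u002e' is not,
    because unquote() leaves '%u' escapes untouched.
    """
    decoded = unquote(path)
    if not decoded.startswith(PUBLIC_PREFIX):
        return True
    return contains_dotdot(decoded)


def hardened_auth_required(path: str) -> bool:
    """Decide on the resolved path, using the same decoding the server applies.

    Any request that does not *resolve* under PUBLIC_PREFIX needs
    authentication, whatever encoding the raw path used.
    """
    return not resolved_path(path).startswith(PUBLIC_PREFIX)


if __name__ == "__main__":
    # Constructed sample requests.
    samples = [
        "/public/index.html",
        "/public/%2e%2e/admin/index.html",
        "/public/%u002e%u002e/admin/index.html",
        "/public/%25u002e%25u002e/admin/index.html",
    ]
    for raw in samples:
        print(
            f"{raw:45} -> serves {resolved_path(raw):20} "
            f"naive_auth={naive_auth_required(raw)!s:5} "
            f"hardened_auth={hardened_auth_required(raw)}"
        )
```

The third sample is the interesting row: the naive filter sees no ".." and lets it through unauthenticated, yet the server decodes the "%u002e" escapes and serves a path under "/admin/". The fix is to decide on the resolved path rather than on a partially decoded string, and to use exactly the decoder the server uses.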

A Shodan scan conducted by the cybersecurity firm reveals that of more than 6,300 Openfire servers accessible over the internet, roughly 50% are running affected versions of the open-source XMPP solution.

Elaborating on the modus operandi of the existing exploits, security researcher Jacob Baines said they involve "Creating an admin user to gain access to the Openfire Plugins interface."

"The plugin system allows administrators to add, more or less, arbitrary functionality to Openfire via uploaded Java JARs. This is, very obviously, a place to transition from authentication bypass to remote code execution."

The only tell-tale signs that something malicious is afoot are the logs captured in the openfire.


News URL

https://thehackernews.com/2023/08/thousands-of-unpatched-openfire-xmpp.html