Vulnerabilities > Igniterealtime > Openfire > 3.6.0a
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-11 | CVE-2009-1595 | Improper Authentication vulnerability in Igniterealtime Openfire The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action. | 4.0 |