Loading
Generated remediation guidance and an executive summary. No account required.
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
Use CWE-287, Igniterealtime vendor hub and Openfire product page to widen CVE-2009-1595 into its surrounding weakness, vendor, and product context.
Compare it with CVE-2023-32315, CVE-2024-25421 and CVE-2021-45967 for nearby disclosures in the same product family.