ports/134207: vuxml submission for net-im/openfire

Mark Foster mark at foster.cc
Mon May 4 14:20:04 UTC 2009


>Number:         134207
>Category:       ports
>Synopsis:       vuxml submission for net-im/openfire
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          update
>Submitter-Id:   current-users
>Arrival-Date:   Mon May 04 14:20:02 UTC 2009
>Closed-Date:
>Last-Modified:
>Originator:     Mark Foster
>Release:        7.1 RELEASE
>Organization:
Credentia
>Environment:
>Description:

>How-To-Repeat:

>Fix:
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
   <vuln vid="e3e30d99-58a8-4a3f-8059-a8b7cd59b881">
     <topic>openfire -- Openfire No Password Changes Security Bypass</topic>
     <affects>
       <package>
         <name>openfire</name>
         <range><eq>3.6.3</eq></range>
       </package>
     </affects>
     <description>
       <body xmlns="http://www.w3.org/1999/xhtml">
         <p>Secunia reports:</p>
         <blockquote cite="http://secunia.com/advisories/34984/">
           <p>A vulnerability has been reported in Openfire which can be exploited by malicious users to bypass certain security restrictions.</p>
           <p>The vulnerability is caused due to Openfire not properly respecting the no password changes setting which can be exploited to change passwords by sending jabber:iq:auth passwd_change requests to the server.</p>
         </blockquote>
       </body>
     </description>
     <references>
      <url>http://secunia.com/advisories/34984/</url>
     </references>
     <dates>
       <discovery>2009-05-04</discovery>
       <entry>2009-05-04</entry>
     </dates>
   </vuln>
</vuxml>


>Release-Note:
>Audit-Trail:
>Unformatted:


