Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-1596 | First vendor Publication | 2009-05-11 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N | |||
---|---|---|---|
Overall CVSS Score | 6.5 | ||
Base Score | 6.5 | Environmental Score | 6.5 |
impact SubScore | 3.6 | Temporal Score | 6.5 |
Exploitabality Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | Low | User Interaction | None |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | High | Availability Impact | None |
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:S/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Low |
Cvss Expoit Score | 8 | Authentication | Requires single instance |
Calculate full CVSS 2.0 Vectors scores |
Detail
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a passwd_change IQ packet. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1596 |
CAPEC : Common Attack Pattern Enumeration & Classification
Id | Name |
---|---|
CAPEC-22 | Exploiting Trust in Client (aka Make the Client Invisible) |
CAPEC-57 | Utilizing REST's Trust in the System Resource to Register Man in the Middle |
CAPEC-94 | Man in the Middle Attack |
CAPEC-114 | Authentication Abuse |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-287 | Improper Authentication |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2009-05-18 | Name : Openfire Security Bypass Vulnerabilities File : nvt/gb_openfire_sec_bypass_vuln_may09.nasl |
2009-05-05 | Name : FreeBSD Ports: openfire File : nvt/freebsd_openfire2.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
57568 | Openfire Crafted passwd_change IQ Packet register.password (canChangePassword... |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-07-01 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201406-35.nasl - Type : ACT_GATHER_INFO |
2009-05-05 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_e3e30d9958a84a3f8059a8b7cd59b881.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:11:22 |
|
2024-11-28 12:18:55 |
|
2024-02-13 21:27:55 |
|
2021-05-05 01:05:55 |
|
2021-05-04 12:09:32 |
|
2021-04-22 01:09:53 |
|
2020-05-24 01:05:44 |
|
2020-05-23 01:40:23 |
|
2020-05-23 00:23:45 |
|
2019-08-27 12:03:01 |
|
2017-08-17 09:22:34 |
|
2016-06-28 17:41:17 |
|
2016-04-26 18:48:48 |
|
2014-07-02 13:25:50 |
|
2014-02-17 10:49:58 |
|
2013-05-10 23:50:02 |
|