| Max CVSS | 4.0 | Min CVSS | 4.0 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2009-1596 | 4.0 |
Ignite Realtime Openfire before 3.6.5 does not properly implement the register.password (aka canChangePassword) console configuration setting, which allows remote authenticated users to bypass intended policy and change their own passwords via a pass
|
13-02-2024 - 17:43 | 11-05-2009 - 14:30 | |
| CVE-2009-1595 | 4.0 |
The jabber:iq:auth implementation in IQAuthHandler.java in Ignite Realtime Openfire before 3.6.4 allows remote authenticated users to change the passwords of arbitrary accounts via a modified username element in a passwd_change action.
|
17-08-2017 - 01:30 | 11-05-2009 - 14:30 |