
Web Path traversal, XMPP Openfire, CVE-2023-32315

Is this on an XMPP server?
openfire

Prosody users breathed a sigh of relief :D
 
Is this on an XMPP server?
To test if an instance of Openfire is affected, follow these steps. Open a browser in incognito mode, or otherwise ensure that there is no authenticated session with the Openfire admin console. Open the following URL (possibly modified for the hostname of the server that is running Openfire):




If this shows part of the Openfire log files, then the instance of Openfire is affected by this vulnerability. Note that different versions of Openfire will show a different layout. Newer versions of Openfire can be expected to show log files on a dark background, while older versions will show a largely white page. (Depending on the content of the log file, this page might be empty, apart from a header!)


If there's a redirect to the login page, the instance is likely unaffected.
 

