CVE-2009-1596

Name of the Vulnerable Software and Affected Versions: Openfire versions prior to 3.6.5

Description: The issue is related to the improper implementation of the register.password (also known as canChangePassword) console configuration setting. This allows remote authenticated users to bypass the intended policy and change their own passwords via a passwd change IQ packet.

Recommendations: For versions prior to 3.6.5, update to version 3.6.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the passwd change IQ packet to minimize the risk of exploitation.