Thousands of Openfire servers remain vulnerable to CVE-2023-32315, an actively exploited path traversal vulnerability that enables unauthorized users to create new admin accounts.
Openfire is a popular Java-based open-source chat (XMPP) server with 9 million downloads.
On May 23, 2023, it was disclosed that the software had an authentication bypass problem affecting every release from version 3.10.0, released in April 2015, up until that point.
To fix the problem, Openfire engineers published security patches in versions 4.6.8, 4.7.5, and 4.8.0. According to reports, the weakness was being extensively abused in June.