Carding
The irresponsibility of administrators of more than 3,000 servers can lead to the theft of confidential information.
Despite the released security updates, thousands of Openfire servers are affected by the actively exploited critical vulnerability CVE-2023-32315 (CVSS: 7.5).
Openfire is a popular open-source, Java-based XMPP chat server that has been downloaded more than 9 million times. The vulnerability allows an unauthenticated attacker to create new administrator accounts and upload malicious plugins.
In May 2023, Openfire versions from 3.10.0 (April 2015) onward were found to be affected by an authentication bypass vulnerability. The developers released security updates in versions 4.6.8, 4.7.5, and 4.8.0. However, by June there were already reports that the vulnerability was being actively exploited on servers that had not been updated.
VulnCheck noted that many server administrators are in no hurry to install updates. According to VulnCheck, about 3,000 servers are still vulnerable.
Currently, there are 6324 Openfire servers reachable from the Internet, of which half (3162 servers) are still at risk because they run outdated software versions.
In addition, the VulnCheck report revealed a new, stealthier method of exploiting the vulnerability. Unlike the known methods, which are easily detected in audit logs, the new method lets attackers upload malicious plugins without creating an administrator account, which makes the attack less noticeable.
The vulnerability is already being exploited in the wild (In The Wild, ITW), including to install the Kinsing cryptominer. The emergence of a new exploitation method could trigger a second wave of attacks, which would be even more powerful and dangerous.
Openfire server administrators are strongly encouraged to upgrade their systems to secure versions as soon as possible to prevent possible cyber attacks and leaks of confidential information.
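As an added example (not from the article or the Openfire project), the following script turns the patch guidance above into a branch-aware version check that an administrator can run over an inventory of Openfire hosts: a build is treated as affected if it is 3.10.0 or later and has not reached the fix for its branch (4.6.8, 4.7.5, or anything from 4.8.0 onward). The host names and versions in the inventory are constructed sample data.

```python
"""Patch-status triage for CVE-2023-32315 (added example, not project code)."""
import re

FIRST_AFFECTED = (3, 10, 0)                    # affected since 3.10.0 per the report
BRANCH_FIXES = {(4, 6): (4, 6, 8), (4, 7): (4, 7, 5)}   # fixes on maintained branches
FIXED_FROM = (4, 8, 0)                         # every release from 4.8.0 onward is fixed


def parse_version(text: str) -> tuple:
    """Turn '4.7.4' (or '4.7') into a comparable (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised Openfire version: {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_vulnerable(text: str) -> bool:
    """True if this version still carries the authentication bypass."""
    v = parse_version(text)
    if v < FIRST_AFFECTED or v >= FIXED_FROM:
        return False
    branch_fix = BRANCH_FIXES.get(v[:2])
    # Fixed only if the branch has a fix and this build is at or past it;
    # unmaintained branches such as 4.5.x never received one.
    return not (branch_fix is not None and v >= branch_fix)


def recommended_fix(text: str) -> str:
    """Smallest upgrade target that closes the hole for this branch."""
    v = parse_version(text)
    fix = BRANCH_FIXES.get(v[:2], FIXED_FROM)
    return ".".join(str(n) for n in fix)


def triage(inventory: dict) -> dict:
    """Map host -> upgrade target for every host still exposed."""
    return {host: recommended_fix(ver) for host, ver in inventory.items()
            if is_vulnerable(ver)}


# Constructed sample inventory (host name -> reported Openfire version).
SAMPLE_INVENTORY = {
    "xmpp-1.example.test": "4.7.4",   # 4.7 branch, below 4.7.5 -> exposed
    "xmpp-2.example.test": "4.6.8",   # fixed on the 4.6 branch
    "xmpp-3.example.test": "4.5.6",   # branch without a fix -> needs 4.8.0
    "xmpp-4.example.test": "3.9.3",   # predates 3.10.0 -> not affected
}

if __name__ == "__main__":
    for host, target in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: upgrade to {target}")
```

A clean version check does not prove a host was not already compromised; the report notes that the newer exploitation path leaves no new administrator account behind, so audit logs and the installed plugin list should be reviewed as well.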