"More Than 3,000 Openfire Servers Exposed to Attacks Using a New Exploit"

VulnCheck researchers found over 3,000 Openfire servers vulnerable to attacks due to a path traversal flaw tracked as CVE-2023-32315. Openfire is a widely used Java-based open-source chat server maintained by Ignite Realtime. The vulnerability affects the Openfire administration console. An unauthenticated threat actor could exploit the flaw to use the unauthenticated Openfire Setup Environment in an already configured Openfire environment and, through it, access restricted pages in the Openfire Admin Console that are reserved for administrative users. According to the researchers, the flaw has been exploited in the wild for over two months. This article continues to discuss the exposure of over 3,000 unpatched Openfire servers to attacks.

Security Affairs reports "More Than 3,000 Openfire Servers Exposed to Attacks Using a New Exploit"

Submitted by Anonymous on