web analytics

Thousands of Openfire Servers at Risk from Critical CVE – Source: heimdalsecurity.com

Rate this post

Source: heimdalsecurity.com – Author: Mihaela Popa

Over 3,000 Openfire servers have yet to be updated against a critical security vulnerability. Tracked as CVE-2023-32315, the flaw has been actively exploited for more than two months, putting unpatched servers at significant risk.

Upon a Closer Look

Openfire, a widely used cross-platform real-time collaboration server written in Java, has gained immense popularity due to its compatibility with the XMPP protocol and its user-friendly web interface for administration. However, this popularity has also attracted the attention of threat actors seeking to exploit security weaknesses.

The vulnerability, which affects versions of Openfire from as far back as 2015, is centered around an authentication bypass issue within Openfire’s administration console.

The CVE-2023-32315 vulnerability allows unauthenticated attackers to gain access to restricted sections of the admin console, creating a potential pathway for malicious activities.

The CVE has already been leveraged by threat actors to create new admin accounts and install remote web shells, granting them unauthorized access and control over compromised servers.

Lacking Updates

What’s particularly concerning is that while updates to address this vulnerability have been available for several months, a significant number of Openfire servers remain unprotected.

According to research, approximately 50% of internet-facing Openfire servers are still utilizing vulnerable versions. This leaves them exposed to potential exploitation, despite the known risks.

One factor contributing to the slower adoption of security patches is the fact that existing public exploits typically involve creating admin accounts, leaving detectable traces in audit logs.

However, there is a more discreet method of exploitation. By utilizing a newly discovered exploit path, attackers can avoid the creation of admin accounts altogether. This stealthier approach enables attackers to upload malicious plugins without triggering the usual alerts, making their actions harder to detect and trace.

The urgency to address this vulnerability cannot be overstated. Openfire server administrators must take immediate action and they can do so by upgrading to the latest, patched versions of Openfire. This way, server administrators can significantly reduce the risk of compromise and protect sensitive data from falling into the wrong hands.

If you liked this article, follow us on LinkedInTwitterFacebook, and YouTube for more cybersecurity news and topics.

If you liked this post, you will enjoy our newsletter.

Get cybersecurity updates you’ll actually want to read directly in your inbox.

Original Post URL: https://heimdalsecurity.com/blog/thousands-of-openfire-servers-at-risk-from-critical-cve/

Category & Tags: Cybersecurity News – Cybersecurity News

Views: 1

LinkedIn
Twitter
Facebook
WhatsApp
Email

advisor pick´S post