Admins who manage instances of the real-time collaboration server Openfire should quickly secure their systems against ongoing attacks. Despite available security updates, this has obviously not happened in all cases.
In a report, security researchers from VulnCheck warn of over 3,000 publicly accessible instances that are still vulnerable. The US Cybersecurity & Infrastructure Security Agency (CISA) is now also warning of the attacks.
The security researchers state that they discovered more than 6,000 Openfire servers accessible via the public Internet during a scan. Around half of these are said to have not been patched yet.
The vulnerability (CVE-2023-32315) is rated with a threat level of "high". It is said to affect Openfire since version 3.10.0, which was released in April 2015. The developers state that they have closed the vulnerability in versions 4.6.8 and 4.7.5. The security patch is said to be included in the 4.8 release, which has not yet been published.
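As an added example (not from the report or the Openfire project), the following Python sketch triages an asset inventory against the version boundaries named above. The host names and the inventory format are constructed for illustration; it assumes 4.6.8 is the fix for the 4.6 branch and earlier, and 4.7.5 the fix for the 4.7 branch.

```python
import re

# Version boundaries for CVE-2023-32315 as stated in the article.
FIRST_VULNERABLE = (3, 10, 0)   # affected since 3.10.0
FIXED_46_BRANCH = (4, 6, 8)     # fix for 4.6.x and older branches
FIRST_47 = (4, 7, 0)
FIXED_47_BRANCH = (4, 7, 5)     # fix for the 4.7.x branch


def parse_version(text):
    """Return (major, minor, patch), or None if text is not a version."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text or "")
    if not m:
        return None
    return tuple(int(p) if p else 0 for p in m.groups())


def triage(version_text):
    """Classify one Openfire version string."""
    v = parse_version(version_text)
    if v is None:
        return "unknown"            # cannot decide: check the host by hand
    if v < FIRST_VULNERABLE:        # numeric compare, so 3.9.x < 3.10.0
        return "not affected"
    if v < FIXED_46_BRANCH or FIRST_47 <= v < FIXED_47_BRANCH:
        return "vulnerable"
    return "patched"


def hosts_needing_action(inventory):
    """Return sorted hosts that are vulnerable or could not be classified."""
    return sorted(h for h, ver in inventory.items()
                  if triage(ver) in ("vulnerable", "unknown"))


# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "chat-a.example": "4.7.4",
    "chat-b.example": "4.6.8",
    "chat-c.example": "3.10.0",
    "chat-d.example": "3.9.3",
    "chat-e.example": "unknown build",
}

if __name__ == "__main__":
    for host in hosts_needing_action(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], triage(SAMPLE_INVENTORY[host]))
```

Comparing versions as integer tuples rather than strings matters here, because a string comparison would sort 3.9.3 after 3.10.0.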
Effects of Attacks
Attackers can exploit the vulnerability with a directory traversal attack on the admin panel without authenticating. In doing so, they can use certain URLs to access files and folders that are supposed to be isolated.
After successful attacks, attackers create admin accounts and place backdoors on servers, among other things. This lets them access the systems again later and abuse them. However, there are also said to be attacks that are more difficult to detect, in which no admin account is created and no traces are left in the log files.