CVE-2015-7707 Admin Console Privilege Escalation Vulnerability


hyp3rlinx reported that Openfire v3.10.2 suffers from a privilege escalation vulnerability.

Vulnerability Details:

  • No check is made when updating user privileges, allowing a regular user to become an admin.

  • Escalation can also be done remotely while the user is logged in, as no CSRF token exists.
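The two missing checks described above, modelled as an added example (not Openfire's code): an in-memory session store stands in for the admin console, `update_privileges_vulnerable` mirrors the reported behaviour, and `update_privileges_hardened` adds the admin-authorization check and the per-session CSRF token comparison. All users, sessions and function names are constructed for the illustration.

```python
import hmac
import secrets

# Constructed in-memory state standing in for the console's user and session stores.
USERS = {"alice": {"admin": True}, "bob": {"admin": False}}
SESSIONS = {}  # session_id -> {"user": str, "csrf": str}


def login(user: str) -> str:
    """Create a session and bind a fresh CSRF token to it."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token(sid: str) -> str:
    """Token the legitimate edit form embeds; a cross-site page cannot read it."""
    return SESSIONS[sid]["csrf"]


def update_privileges_vulnerable(sid: str, target: str, make_admin: bool) -> bool:
    """Models the reported flaw: any logged-in session may change any user's role,
    and nothing ties the request to the console's own form."""
    if sid not in SESSIONS:
        return False
    USERS[target]["admin"] = make_admin
    return True


def update_privileges_hardened(sid: str, target: str, make_admin: bool, token: str) -> bool:
    """Same operation with both checks in place."""
    session = SESSIONS.get(sid)
    if session is None:
        return False
    if not USERS[session["user"]]["admin"]:
        return False  # authorization: only an existing admin may grant admin
    if not hmac.compare_digest(session["csrf"], token):
        return False  # CSRF: request did not carry the token bound to this session
    USERS[target]["admin"] = make_admin
    return True
```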

Exploit code(s):

Full Details:




Simon Waters
December 16, 2016, 4:58 PM

In testing 4.1.beta a CSRF token is now provided, and tested for on /user-edit-form.jsp.

This ticket can be closed.

Dave Cridland
March 17, 2016, 6:40 PM

Pretty sure that this is just a particular exploit possible using CSRF attacks, rather than a vulnerability in itself. I'll try to see what we can do about this.

Tim Durden
January 4, 2016, 2:59 PM

Further investigation suggests that while it is possible to update user permissions via a single request, this is only possible if an admin is already logged in to the Openfire admin console. However, combined with an XSS exploit, this could be used to escalate permissions unnoticed.

Tim Durden
January 4, 2016, 2:47 PM

Originally, this ticket covered 5 security issues raised in Openfire 3.10.2. I've split these out into their own respective tickets, as below:
