XMPP Service Operators - 2023-09-30

  1. moparisthebest

    Oof patch your servers https://www.bleepingcomputer.com/news/security/hackers-actively-exploiting-openfire-flaw-to-encrypt-servers/

  2. kainan

    is that the old issue from feburary?

  3. moparisthebest

    Old issue but now it's being widely exploited

  4. Guus

    The issue has been actively exploited for months, to the point that I'm fairly sure that any unpatched server was long ago breached. This article is mostly one of many rehashes. A new wave of articles seems to pop up every few weeks, with nothing new in it.

  5. Guus

    That said, do upgrade ASAP if you haven't.

  6. Guus

    https://discourse.igniterealtime.org/t/cve-2023-32315-openfire-vulnerability-update/