Hackers Actively Exploiting Openfire Flaw to Encrypt Servers
Hackers are actively exploiting a vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. The flaw, tracked as CVE-2023-32315, allows attackers to bypass authentication and create new admin accounts, which they use to install malicious Java plugins. The vulnerability affects Openfire versions from 3.10.0 to 4.7.4. Although fixes are available, thousands of servers are still running vulnerable versions. Dr. Web has observed active exploitation of the flaw since June 2023, with attackers using it to install ransomware, cryptominers, and backdoors. Administrators should apply the security updates promptly to protect against these attacks.