An issue in Ignite Realtime Openfire v.4.9.0 and before allows a remote malicious user to escalate privileges via the admin.authorizedJIDs system property component.