CVE-2022-32389-Swift XMPP Client Desktop 4.0.2 has a Hard-coded Password affecting various sectors (Military, Finance and Government)


On June 1st, Our Green Tick security team was taking a snap-shot of the registry before and after installation in order to see what changes were being made in the registry and our team discovered hard-coded credentials and exposed (username, windows password, certificates, etc.) at Swift XMPP client. 

Swift Desktop is a multi-platform XMPP client for instant messaging and multi-user chat. A free and open-source client (with support packages available from Isode), it contains a number of features that make it ideal for use in secure environments such as the Military, Finance, and Government. 


The Security Team of Green Tick Nepal Pvt. Ltd. published a Proof of Concept (POC) for Isode Ltd. (Swift). The vulnerability was found in Swift XMPP client.  

Locate 'Computer\HKEY_CURRENT_USER\Software\Swift\Swift' at Registry Editor. 

swift cve