The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2022-10-03T16:14:48
Updated: 2022-10-03T16:14:48
Reserved: 2022-10-03T00:00:00
Link: CVE-2013-1814
JSON object: View
NVD Information
Status : Modified
Published: 2013-03-14T00:55:01.090
Modified: 2013-07-03T17:03:23.377
Link: CVE-2013-1814
JSON object: View
Redhat Information
No data.
CWE