When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
References
Link | Resource |
---|---|
http://rhn.redhat.com/errata/RHSA-2017-0257.html | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2614 | Issue Tracking Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: redhat
Published: 2018-07-27T18:00:00
Updated: 2018-07-28T09:57:01
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2614
JSON object: View
NVD Information
Status : Modified
Published: 2018-07-27T18:29:00.687
Modified: 2019-10-09T23:26:56.633
Link: CVE-2017-2614
JSON object: View
Redhat Information
No data.