The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: redhat
Published:
Updated: 2024-09-17T02:05:51.246Z
Reserved: 2013-02-19T00:00:00Z
Link: CVE-2013-1814

No data.

Status : Modified
Published: 2013-03-14T00:55:01.090
Modified: 2024-11-21T01:50:26.580
Link: CVE-2013-1814

No data.