CVE-2013-4471
First published: Wed May 14 2014(Updated: )
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Horizon | >=2013.1<2013.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/description
- agent/event
- agent/remedy
- agent/tags
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/openstack
- canonical/openstack horizon
- version/openstack horizon/2013.1