CVE-2013-4471
First published: Wed May 14 2014(Updated: )
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenStack Horizon | >=2013.1<2013.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2013-4471?
CVE-2013-4471 is classified as a high severity vulnerability due to the potential for unauthorized password changes.
How do I fix CVE-2013-4471?
To fix CVE-2013-4471, upgrade to OpenStack Dashboard (Horizon) version 2013.2 or later.
What systems are affected by CVE-2013-4471?
CVE-2013-4471 affects OpenStack Dashboard (Horizon) versions prior to 2013.2.
What type of vulnerability is CVE-2013-4471?
CVE-2013-4471 is a security vulnerability that allows attackers to change user passwords without authentication.
What can attackers do with CVE-2013-4471?
Attackers can exploit CVE-2013-4471 to change a user's password using their authentication token, compromising their account.
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/author
- agent/last-modified-date
- agent/remedy
- agent/description
- agent/tags
- agent/first-publish-date
- agent/event
- agent/source
- vendor/openstack
- canonical/openstack horizon
- version/openstack horizon/2013.1