Password Change Vulnerability in OpenStack Horizon API
CVE-2013-4471

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 14 May 2014

What is CVE-2013-4471?

The Identity v3 API in OpenStack Dashboard (Horizon) prior to version 2013.2 allows authenticated users to change passwords without providing their current password. This deficiency can be exploited by remote attackers who have acquired the authentication token of a user, thereby enabling unauthorized password alterations and posing a significant risk to user account security.

References

http://lists.openstack.org/pipermail/openstack/2013-Novem...

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/horizon/+bug/1237989

x_refsource_CONFIRM

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 14, 2014
Vulnerability Reserved
Jun 12, 2013

Openstack

What is CVE-2013-4471?

References

Timeline