CVE-2013-4471

Currently unrated

Key Information:

Vendor: Openstack
Status: Horizon
Vendor: CVE Published:; 14 May 2014

Summary

The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.

References

http://lists.openstack.org/pipermail/openstack/2013-Novem...

mailing-listx_refsource_MLIST

https://bugs.launchpad.net/horizon/+bug/1237989

x_refsource_CONFIRM

Timeline

Vulnerability published
May 14, 2014
Vulnerability Reserved
Jun 12, 2013