The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to change a user password by leveraging the authentication token for that user.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-05-14T19:00:00

Updated: 2024-08-06T16:45:14.609Z

Reserved: 2013-06-12T00:00:00

Link: CVE-2013-4471

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-05-14T19:55:10.277

Modified: 2024-11-21T01:55:38.080

Link: CVE-2013-4471

cve-icon Redhat

Severity : Moderate

Publid Date: 2013-10-08T00:00:00Z

Links: CVE-2013-4471 - Bugzilla