When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-07-27T18:00:00

Updated: 2024-08-05T14:02:06.983Z

Reserved: 2016-12-01T00:00:00

Link: CVE-2017-2614

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2018-07-27T18:29:00.687

Modified: 2024-11-21T03:23:50.067

Link: CVE-2017-2614

cve-icon Redhat

Severity : Important

Publid Date: 2017-02-06T00:00:00Z

Links: CVE-2017-2614 - Bugzilla