Sensitive Information Disclosure in Apache Rave User RPC API

Sensitive Information Disclosure in Apache Rave User RPC API

CVE-2013-1814 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.

Learn more about our Cis Benchmark Audit For Apache Http Server.