Sensitive Information Disclosure in Apache Rave User RPC API
CVE-2013-1814 · MEDIUM Severity
AV:N/AC:L/AU:S/C:P/I:N/A:N
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
Learn more about our Cis Benchmark Audit For Apache Http Server.