Ovirt · Ovirt-Aaa-Jdbc-Tool · CVE-2017-2614
Name of the Vulnerable Software and Affected Versions:
ovirt-aaa-jdbc-tool versions prior to 1.1.3
Description:
The issue allows an attacker to change passwords on accounts with expired passwords, gaining access to those accounts, due to a failure in correctly checking the current password when updating it in the rhvm database.
Recommendations:
For versions prior to 1.1.3, update to version 1.1.3 or later to resolve the issue. As a temporary workaround, consider restricting access to password change functionality for accounts with expired passwords until the update is applied.