Openstack · Openstack Dashboard · CVE-2013-4471
**Name of the Vulnerable Software and Affected Versions**
OpenStack Dashboard (Horizon) versions prior to 2013.2
**Description**
The issue allows remote attackers to change a user's password without requiring the current password, making it easier for them to gain unauthorized access to user accounts. This is possible by leveraging the authentication token for the targeted user account.
**Recommendations**
For versions prior to 2013.2, update to version 2013.2 or later to resolve the issue.