PT-2013-3404 · Apache · Apache Rave

Andreas Guth · Published 2013-03-14 · Updated 2022-05-17 · CVE-2013-1814

CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache Rave versions 0.11 through 0.20

Description: The issue allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter in the users/get program of the User RPC API. This can lead to the discovery of password hashes in the password field of a response.

Recommendations: For Apache Rave versions 0.11 through 0.20, consider restricting access to the users/get program in the User RPC API to minimize the risk of exploitation. As a temporary workaround, avoid using the offset parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2013-1814
GHSA-428J-Q447-47RW

Affected products

Apache Rave