Information disclosure in Apache Rave

CVE-2013-1814

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes i…

Vulnerability class: Information Disclosure

EPSS: 0.830 (99.3rd percentile)

Affected products

  • Apache Rave — versions 0.11, 0.12, 0.13

Frequently asked questions

What is CVE-2013-1814?
CVE-2013-1814 is a vulnerability in Apache Rave, classified under Information Disclosure. It was published on 2013-03-14.

Is CVE-2013-1814 known to be exploited?
2 public proof-of-concept repositories are indexed. The CVE is not currently listed in the CISA KEV catalog.