The Identity v3 API in OpenStack Dashboard (Horizon) prior to 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote malicious users to change a user password by leveraging the authentication token for that user.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
openstack horizon |