CVE-2013-1814 Information

Description

The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter as demonstrated by discovering password hashes in the password field of a response.

Reference

http://archives.neohapsis.com/archives/bugtraq/2013-03/0078.html http://www.exploit-db.com/exploits/24744/