When updating a password in the rhvm database the ovirt-aaa-jdbc-tool tools before 1.1.3 fail to correctly check for the current password if it is expired. This would allow access to an attacker with access to change the password on accounts with expired passwords, gaining access to those accounts.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-07-27T18:00:00
Updated: 2024-08-05T14:02:06.983Z
Reserved: 2016-12-01T00:00:00
Link: CVE-2017-2614
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-07-27T18:29:00.687
Modified: 2019-10-09T23:26:56.633
Link: CVE-2017-2614
Redhat