Short Name | HTTP:APACHE:RAVE-USER-RPCAPI-ID |
---|---|
Severity | Minor |
Recommended | No |
Recommended Action | Drop |
Category | HTTP |
Keywords | Apache Rave RPC API Information Disclosure |
Release Date | 2017/06/02 |
Update Number | 2911 |
Supported Platforms | idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |

This signature attempts to detect a known vulnerability in the RPC API of Apache Rave. A successful attack can lead to unauthorized information disclosure.
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.