The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demonstrated by discovering password hashes in the password field of a response.
archives.neohapsis.com/archives/bugtraq/2013-03/0078.html
www.exploit-db.com/exploits/24744
github.com/apache/rave
github.com/apache/rave/commit/546edbaacfcb7b3fcc81aafe37a5c58e401b66c6
nvd.nist.gov/vuln/detail/CVE-2013-1814
web.archive.org/web/20130512040207/archives.neohapsis.com/archives/bugtraq/2013-03/0078.html