CVE-2024-24766

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-204
View all →

Vulnerability Description

CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, the Casa OS Login page disclosed the username enumeration vulnerability in the login page. An attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error `**User does not exist**`. If the password is incorrect application gives the error `**Invalid password**`. Version 0.4.7 fixes this issue.

Related Vulnerabilities

CVE-2021-20049

HIGH
CVSS:7.5(High)

A vulnerability in SonicWall SMA100 password change API allows a remote unauthenticated attacker to perform SMA100 username enumeration based on the server responses. This vulnerability impacts 10.2.1...

CWE-2042021

CVE-2021-34580

HIGH
CVSS:7.5(High)

In mymbCONNECT24, mbCONNECT24 <= 2.9.0 an unauthenticated user can enumerate valid backend users by checking what kind of response the server sends for crafted invalid login attempts.

CWE-2042021

CVE-2024-38322

HIGH
CVSS:7.5(High)

IBM Storage Defender - Resiliency Service 2.0.0 through 2.0.4 agent username and password error response discrepancy exposes product to brute force enumeration. IBM X-Force ID: 294869.

CWE-2042024

CVE-2023-46170

MEDIUM
CVSS:6.5(Medium)

IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily read files after enumerating file names.

CWE-2042023