Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
githubGitHub Advisory DatabaseGHSA-HCW2-2R9C-GC6P
HistoryApr 01, 2024 - 3:48 p.m.

CasaOS Username Enumeration - Bypass of CVE-2024-24766

2024-04-0115:48:15
CWE-204
GitHub Advisory Database
github.com
9
casaos
username enumeration
vulnerability
patched
error responses

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0

Percentile

15.5%

JSON

Summary

The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7.

Details

It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives the error “User does not exist” with success code “10006”, If the password is incorrect the application gives the error “User does not exist or password is invalid” with success code “10013”.

PoC

  1. If the Username is invalid application gives “User does not exist” with success code “10006”.

1

  1. If the Password is invalid application gives “User does not exist or password is invalid” with success code “10013”.

2

Impact

Using this error attacker can enumerate the username of CasaOS.

The logic behind the issue

The logic behind the issue
If the username is incorrect, then throw an error “User does not exist” with success code “10006”, else throw an error “User does not exist or password is invalid” with success code “10013”.

This condition can be vice versa like:

If the password is incorrect, then throw an error “User does not exist or password is invalid” with success code “10013”, else throw an error “User does not exist” with success code “10006”.

Mitigation

Since this is the condition we have to implement a single error which can be “Username/Password is Incorrect!!!” with single success code.

Affected configurations

Vulners
Node
icewhaletechcasaos-userserviceMatch0.4.7
VendorProductVersionCPE
icewhaletechcasaos-userservice0.4.7cpe:2.3:a:icewhaletech:casaos-userservice:0.4.7:*:*:*:*:*:*:*

Related

vulnrichment 2
cvelist 2
gitlab 2
cve 2
osv 5
prion 1
veracode 2
nvd 2
github 1
vulnrichment
vulnrichment
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
2024-04-01 16:42:05
CVE-2024-24766 CasaOS Username Enumeration
2024-03-06 18:10:25
cvelist
cvelist
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
2024-04-01 16:42:05
CVE-2024-24766 CasaOS Username Enumeration
2024-03-06 18:10:25
gitlab
gitlab
CasaOS Username Enumeration - Bypass of CVE-2024-24766
2024-04-01 00:00:00
CasaOS Username Enumeration
2024-03-06 00:00:00
cve
cve
CVE-2024-28232
2024-04-01 17:15:45
CVE-2024-24766
2024-03-06 19:15:07
osv
osv
CasaOS Username Enumeration - Bypass of CVE-2024-24766
2024-04-01 15:48:15
CVE-2024-24766
2024-03-06 19:15:07
Username enumeration in github.com/IceWhaleTech/CasaOS-UserService
2024-03-14 17:12:59
prion
prion
Design/Logic Flaw
2024-03-06 19:15:00
veracode
veracode
Username Enumeration
2024-03-07 08:02:43
Username Enumeration
2024-04-02 11:43:06
nvd
nvd
CVE-2024-24766
2024-03-06 19:15:07
CVE-2024-28232
2024-04-01 17:15:45
github
github
CasaOS Username Enumeration
2024-03-06 15:23:53

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.3

Confidence

Low

EPSS

0

Percentile

15.5%

JSON
Related for GHSA-HCW2-2R9C-GC6P
vulnrichment2cvelist2gitlab2cve2osv5prion1veracode2nvd2github1