Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gitlabHttps://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-4C94FC46D5CF3AFD00E32FFE88E14272
HistoryMar 06, 2024 - 12:00 a.m.

CasaOS Username Enumeration

2024-03-0600:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
6
casaos
username enumeration
login page
error handling
security vulnerability

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0

Percentile

15.5%

JSON

Summary

The Casa OS Login page has disclosed the username enumeration vulnerability in the login page.

Details

It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect application gives the error “User does not exist”, If the password is incorrect application gives the error “Invalid password”.

PoC

Capture the login request in a tool like Burp Suit and use the intruder tab for trying multiple usernames.
Keep checking the response of each request if the response says Invalid password then the username is right.

Impact

Using this error attacker can enumerate the username of CasaOS.

The logic behind the issue

If the username is incorrect, then throw an error “User does not exist” else throw an error “Invalid password”.

This condition can be vice versa like:

If the password is incorrect, then throw an error “Invalid password” else throw an error “User does not exist”.

Mitigation

Since this is the condition we have to implement a single error which can be “Username/Password is Incorrect!!!”

Affected configurations

Vulners
Node
gocasaos-userserviceRange0.4.4.3
OR
gocasaos-userserviceRange<0.4.7
VendorProductVersionCPE
gocasaos-userservice*cpe:2.3:a:go:casaos-userservice:*:*:*:*:*:*:*:*

Related

cvelist 2
cve 2
prion 1
osv 3
veracode 1
nvd 1
vulnrichment 2
github 2
gitlab 1
cvelist
cvelist
CVE-2024-24766 CasaOS Username Enumeration
2024-03-06 18:10:25
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
2024-04-01 16:42:05
cve
cve
CVE-2024-24766
2024-03-06 19:15:07
CVE-2024-28232
2024-04-01 17:15:45
prion
prion
Design/Logic Flaw
2024-03-06 19:15:00
osv
osv
CVE-2024-24766
2024-03-06 19:15:07
Username enumeration in github.com/IceWhaleTech/CasaOS-UserService
2024-03-14 17:12:59
CasaOS Username Enumeration - Bypass of CVE-2024-24766
2024-04-01 15:48:15
veracode
veracode
Username Enumeration
2024-03-07 08:02:43
nvd
nvd
CVE-2024-24766
2024-03-06 19:15:07
vulnrichment
vulnrichment
CVE-2024-24766 CasaOS Username Enumeration
2024-03-06 18:10:25
CVE-2024-28232 Username Enumeration in CasaOS via bypass of CVE-2024-24766
2024-04-01 16:42:05
github
github
CasaOS Username Enumeration
2024-03-06 15:23:53
CasaOS Username Enumeration - Bypass of CVE-2024-24766
2024-04-01 15:48:15
gitlab
gitlab
CasaOS Username Enumeration - Bypass of CVE-2024-24766
2024-04-01 00:00:00

CVSS3

6.2

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for GITLAB-4C94FC46D5CF3AFD00E32FFE88E14272
cvelist2cve2prion1osv3veracode1nvd1vulnrichment2github2gitlab1