2 matches found
GHSA-HCW2-2R9C-GC6P CasaOS Username Enumeration - Bypass of CVE-2024-24766
Summary The Casa OS Login page has disclosed the username enumeration vulnerability in the login page which was patched in CasaOS v0.4.7. Details It is observed that the attacker can enumerate the CasaOS username using the application response. If the username is incorrect the application gives t...
CVE-2024-24766
CVE-2024-24766 concerns username enumeration in the CasaOS-UserService login page. Affected software is CasaOS-UserService (the login module) with versions prior to 0.4.7 (specifically 0.4.4.3 through 0.4.7) where the login responses disclosed whether a username exists via distinct error messages...