Veracode Vulnerability Database: VERACODE:45793
History: Mar 07, 2024 - 8:02 a.m.

Username Enumeration

2024-03-07 08:02:43
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
username enumeration
information disclosure
security risk
casaos

CVSS3: 6.2

Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score: 6.8
Confidence: Low

EPSS: 0
Percentile: 15.5%

github.com/icewhaletech/casaos-userservice is vulnerable to Username Enumeration. The vulnerability is due to a disclosure of information in the application response: the error message "User does not exist" or "Invalid password" gives attackers a means to identify valid usernames. The ability to enumerate CasaOS usernames can lead to a security risk.
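The pattern described above, next to a response-uniform variant, as an added example that is not code from casaos-userservice or from the advisory. The user store, function names and the combined error text are hypothetical; only the two leaky messages come from the description.

```go
package main

import (
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Constructed store, not casaos-userservice code; SHA-256 stands in for bcrypt/argon2.
var users = map[string][32]byte{"alice": sha256.Sum256([]byte("correct horse"))}
var dummy = sha256.Sum256([]byte("placeholder")) // compared against for unknown users

var (
	ErrNoUser      = errors.New("User does not exist")
	ErrBadPassword = errors.New("Invalid password")
	ErrLoginFailed = errors.New("Invalid username or password")
)

// loginLeaky: the response text alone reveals whether a username is registered.
func loginLeaky(name, pw string) error {
	stored, ok := users[name]
	if !ok {
		return ErrNoUser
	}
	sum := sha256.Sum256([]byte(pw))
	if subtle.ConstantTimeCompare(stored[:], sum[:]) != 1 {
		return ErrBadPassword
	}
	return nil
}

// loginUniform does the same work on both failure paths and returns one error.
func loginUniform(name, pw string) error {
	stored, ok := users[name]
	if !ok {
		stored = dummy // still hash and compare, so both paths cost the same
	}
	sum := sha256.Sum256([]byte(pw))
	match := subtle.ConstantTimeCompare(stored[:], sum[:]) == 1
	if !ok || !match {
		return ErrLoginFailed
	}
	return nil
}

func main() {
	fmt.Println(loginLeaky("bob", "x"), loginLeaky("alice", "x"), loginUniform("bob", "x"), loginUniform("alice", "x"))
}
```

The same uniformity has to hold for the HTTP status code and response body shape, not only the message string.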
