Username Enumeration in CasaOS via bypass of CVE-2024-24766
CVE-2024-28232

7.5HIGH

Key Information:

Vendor: Icewhaletech
Status: Casaos-userservice
Vendor: CVE Published:; 1 April 2024

🔔 Create Icewhaletech Vulnerability Alert

What is CVE-2024-28232?

A vulnerability exists in the IceWhaleTech CasaOS User Service, where the login page reveals information about valid usernames, potentially enabling unauthorized users to ascertain legitimate accounts. This issue was identified in version 0.4.7 and has been addressed in version 0.4.8; however, the updated version is not yet available in Go's package manager. It is crucial for users to be aware of this vulnerability and apply the latest version once available to secure user management functionalities.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

CasaOS-UserService = 0.4.7

References

https://github.com/IceWhaleTech/CasaOS-UserService/securi...

x_refsource_CONFIRM

https://github.com/IceWhaleTech/CasaOS-UserService/commit...

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 1, 2024

JSON

Icewhaletech

What is CVE-2024-28232?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.