CVE-2024-24767
CasaOS Improper Restriction of Excessive Authentication Attempts vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
CasaOS-UserService provides user management functionalities to CasaOS. Starting in version 0.4.4.3 and prior to version 0.4.7, CasaOS doesn't defend against password brute force attacks, which leads to having full access to the server. The web application lacks control over the login attempts. This vulnerability allows attackers to get super user-level access over the server. Version 0.4.7 contains a patch for this issue.
SSVC
- Decision: Attend
Timeline
- 2024-01-29 CVE Reserved
- 2024-03-06 CVE Published
- 2024-03-07 EPSS Updated
- 2024-08-28 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-307: Improper Restriction of Excessive Authentication Attempts
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699 | X_refsource_misc | |
https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7 | X_refsource_misc | |
https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x | X_refsource_confirm | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
IceWhaleTech | CasaOS-UserService | >= 0.4.4.3 < 0.4.7 | en | Affected |