CVE-2024-51739 Scanner - User Enumeration vulnerability in iTop
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days
Scan only one: URL
Toolbox: -
iTop is an open-source IT service management platform that helps businesses manage IT assets and services. It provides a flexible and scalable solution for incident, problem and change management as well as service request management. iTop is used by a variety of organizations, particularly in the IT sector, to streamline and automate IT service management. Its features include a web-based interface, integration with other IT management tools, and customizable workflows. The platform is widely used by IT departments to provide a centralized service desk and manage their IT infrastructure. Security flaws in iTop could be exploited if they are not addressed properly.
This vulnerability in iTop allows unauthenticated users to perform user enumeration via the password reset feature. Specifically, by providing a non-existent username to the `do_reset_pwd` operation via the REST API, an attacker can distinguish between valid and invalid usernames based on the error messages returned. This could be leveraged by an attacker to enumerate valid usernames on the system, which could assist in further attacks like brute force password guessing. The vulnerability arises from improper validation of input in the password reset process. While the attack does not directly expose sensitive data, it can be a first step toward more serious exploits.
The vulnerability occurs through the webservices/rest.php file, which processes unauthenticated requests to the `do_reset_pwd` operation. When an attacker provides a non-existent username, the server's response differs from the one returned for a valid username. Specifically, the server returns an error message such as “doesnotexist is not a valid login,” which tells the attacker whether the supplied username exists. Because the check can be repeated for many candidate names, this amounts to user enumeration. The issue stems from the password reset flow returning distinct error messages for invalid usernames instead of a uniform response.
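The following is an added illustration written for this page; it is not iTop's code and does not talk to an iTop instance. It models the two halves of the problem described above: a password-reset handler whose reply reveals whether a login exists (the leaky behaviour the CVE describes), a hardened variant that answers identically for known and unknown logins, a small oracle check of the kind a scanner performs (compare the reply for a known-good login with the reply for a bogus one), and a detection routine that flags a source address probing `do_reset_pwd` with many distinct logins. The user store, the log lines and their format are constructed for the example.

```python
"""Added example (not iTop's code): password-reset user enumeration, hardened
handler, response-oracle check, and a log-based detector for probing."""
import re
from typing import Callable, Dict, List

# Constructed sample user store; not real iTop data.
KNOWN_LOGINS = {"alice", "bob"}

Reply = Dict[str, object]


def reset_password_leaky(login: str) -> Reply:
    """Models the behaviour the CVE describes: the reply differs by login validity
    and even echoes the submitted login back in the error text."""
    if login not in KNOWN_LOGINS:
        return {"code": 100, "message": f"{login} is not a valid login"}
    # A real handler would queue the reset e-mail here.
    return {"code": 0, "message": "Reset request processed"}


def reset_password_uniform(login: str) -> Reply:
    """Hardened variant: the caller receives the same code and message whether or
    not the login exists, and the login is never echoed back. (Response timing
    should be kept uniform too; that is outside this toy model.)"""
    if login in KNOWN_LOGINS:
        pass  # queue the reset e-mail; never report the outcome to the caller
    return {"code": 0, "message": "If the login exists, a reset message has been sent"}


def is_enumerable(handler: Callable[[str], Reply], valid_login: str, bogus_login: str) -> bool:
    """Oracle check, as a scanner would perform it: True when the handler's reply
    for a known login differs from its reply for a login that does not exist."""
    return handler(valid_login) != handler(bogus_login)


# Constructed access-log lines (assumed format, not iTop's real log layout):
# "<source ip> \"<method> <path>\" operation=<op> login=<login>"
SAMPLE_LOG: List[str] = [
    '203.0.113.9 "POST /webservices/rest.php" operation=do_reset_pwd login=alice',
    '203.0.113.9 "POST /webservices/rest.php" operation=do_reset_pwd login=bob',
    '203.0.113.9 "POST /webservices/rest.php" operation=do_reset_pwd login=carol',
    '203.0.113.9 "POST /webservices/rest.php" operation=do_reset_pwd login=dave',
    '198.51.100.4 "POST /webservices/rest.php" operation=do_reset_pwd login=alice',
    '198.51.100.4 "GET /pages/UI.php" operation=- login=-',
]

LOG_RE = re.compile(r'^(\S+) .*operation=do_reset_pwd login=(\S+)')


def reset_probe_sources(log_lines: List[str], threshold: int = 3) -> List[str]:
    """Detection: return source IPs that submitted do_reset_pwd for at least
    `threshold` distinct logins, which is the signature of enumeration rather
    than a user who forgot one password."""
    logins_by_ip: Dict[str, set] = {}
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        logins_by_ip.setdefault(m.group(1), set()).add(m.group(2))
    return sorted(ip for ip, logins in logins_by_ip.items() if len(logins) >= threshold)


if __name__ == "__main__":
    print("leaky handler enumerable:", is_enumerable(reset_password_leaky, "alice", "doesnotexist"))
    print("uniform handler enumerable:", is_enumerable(reset_password_uniform, "alice", "doesnotexist"))
    print("sources probing many logins:", reset_probe_sources(SAMPLE_LOG))
```

The fix shown in `reset_password_uniform` is the standard one for this bug class: the reset endpoint acknowledges every request the same way and delivers the outcome out of band (to the mailbox on file), so the HTTP reply carries no information about account existence. The detector is a complementary control for deployments that cannot patch immediately: rate-limiting or alerting on one source cycling through many logins makes the enumeration slow and visible.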
If exploited, this vulnerability could allow attackers to enumerate valid usernames on the system, potentially enabling further attacks like password guessing or brute-force attacks. By identifying valid usernames, attackers can tailor their attacks more effectively, reducing the time and resources needed to compromise accounts. While the attack does not directly expose sensitive data, it could be used as a reconnaissance step to plan more significant attacks, such as gaining unauthorized access to user accounts or escalating privileges. This vulnerability could also lead to an increased risk of account takeovers if coupled with weak or reused passwords.