Unrated severityNVD Advisory· Published Nov 5, 2024· Updated Nov 5, 2024
Users enumeration allowed through Rest API in Combodo iTop
CVE-2024-51739
Description
Combodo iTop is a simple, web based IT Service Management tool. Unauthenticated user can perform users enumeration, which can make it easier to bruteforce a valid account. As a fix the sentence displayed after resetting password no longer shows if the user exists or not. This fix is included in versions 2.7.11, 3.0.5, 3.1.2, and 3.2.0. Users are advised to upgrade. Users unable to upgrade may overload the dictionary entry "UI:ResetPwd-Error-WrongLogin" through an extension and replace it with a generic message.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/Combodo/iTop/security/advisories/GHSA-2hmf-p27w-phf9mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.