CVE-2024-44762

Name of the Vulnerable Software and Affected Versions: Webmin Usermin version 2.100

Description: A discrepancy in error messages for invalid login attempts in Webmin Usermin allows attackers to enumerate valid user accounts. This issue is related to shortcomings in the error reporting mechanism, which can be exploited by a remote attacker to perform a brute force attack.

Recommendations: For Webmin Usermin version 2.100, consider temporarily restricting access to the login functionality until a patch is available. As a mitigation measure, restrict access to the password change.cgi script to minimize the risk of exploitation. Avoid using the default error messages for invalid login attempts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.