CVE-2024-55198

Name of the Vulnerable Software and Affected Versions: Celk Sistemas Celk Saude version 3.1.252.1

Description: The issue concerns user enumeration via discrepancies in error messages in the password recovery functionality, allowing a remote attacker to enumerate users through different responses. This could potentially be exploited in phishing attacks.

Recommendations: For Celk Sistemas Celk Saude version 3.1.252.1, consider disabling the password recovery functionality until a patch is available to prevent user enumeration. Restrict access to the password recovery module to minimize the risk of exploitation. Avoid using the password recovery feature in the affected version until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.