PT-2025-18205 · Modernwms · Modernwms

Published: 2025-04-29 · Updated: 2025-04-29 · CVE-2024-57698

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: modernwms version 1.0

Description: The issue allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication. This is due to excessive exposure of information and the lack of adequate access control on the "/user/list?culture=en-us" endpoint.

Recommendations: For modernwms version 1.0, consider restricting access to the "/user/list?culture=en-us" endpoint until a patch is available. As a temporary workaround, limit the exposure of sensitive information by implementing proper access controls to prevent unauthorized access.

Fix

Improper Preservation of Permissions

Weakness Enumeration

Related Identifiers

CVE-2024-57698

Affected Products

Modernwms