CVE-2024-44762
Published 2024-10-16

CVE-2024-44762: A discrepancy in error messages for invalid login attempts in Webmin Usermin v2.100 allows attackers to enumerate valid user accounts.
Priority: P334 · medium · CVSS 3.1: 5.3
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EXPLOIT
EPSS: 2.50% (82.7th percentile)
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| webmin | usermin | — | — |
No detection rules found.
Exploit-DB
Usermin 2.100 - Username Enumeration
exploitdb·2025-04-17·CVSS 5.3
CVE-2024-44762 [MEDIUM] Usermin 2.100 - Username Enumeration
```python
# Exploit Title: Usermin 2.100 - Username Enumeration
# Date: 10.02.2024
# Exploit Author: Kjesper
# Vendor Homepage: https://www.webmin.com/usermin.html
# Software Link: https://github.com/webmin/usermin
# Version: <= 2.100
# Tested on: Kali Linux
# CVE: CVE-2024-44762
# https://senscybersecurity.nl/cve-2024-44762-explained/
#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Usermin - Username Enumeration (Version 2.100)
# Usage: UserEnumUsermin.py -u HOST -w WORDLIST_USERS
# Example: UserEnumUsermin.py -u https://127.0.0.1:20000 -w users.txt
import requests
import json
import argparse
import sys
from urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
parser =
```
Exploit-DB
Webmin Usermin 2.100 - Username Enumeration
exploitdb·2025-04-03·CVSS 5.3
CVE-2024-44762 [MEDIUM] Webmin Usermin 2.100 - Username Enumeration
Nuclei
Usermin 2.100 - Username Enumeration
nuclei·CVSS 5.3
CVE-2024-44762 [MEDIUM] Usermin 2.100 - Username Enumeration
Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint.
Template:
```yaml
id: CVE-2024-44762

info:
  name: Usermin 2.100 - Username Enumeration
  author: ritikchaddha
  severity: medium
  description: |
    Usermin version 2.100 and below is susceptible to username enumeration via the password change functionality. An attacker can determine valid usernames by analyzing the response messages from the password change endpoint.
  impact: |
    Attackers can enumerate valid usernames by analyzing password change responses, aiding in further attacks.
  remediation: |
    Upgrade to the latest version of Usermin that addres
```
No writeups or analysis indexed.