Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Kalmia CMS User Enumeration Vulnerability

Vulnerability

A user enumeration vulnerability has been identified in Kalmia CMS version 0.2.0. The issue arises in the authentication process: the application returns one error message when the supplied username does not exist and a different one when the username is valid but the password is incorrect. This inconsistency allows unauthenticated attackers to determine which usernames are valid on the platform.

Impact

Exploitation of this vulnerability enables unauthenticated attackers to enumerate valid usernames, potentially leading to targeted password spraying, credential stuffing, and account discovery attacks.
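Whether or not the instance has been patched, the enumeration and follow-on spraying described above leave a recognisable trace in authentication logs: one source address failing against many distinct usernames in a short window. The detector below is an added example written for this advisory, not code from the Kalmia project; the log line format, the `src=`/`user=`/`result=` fields and the sample entries are all constructed for illustration, so the regex would need to be adapted to the real server's log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format (hypothetical, not Kalmia's own): one line per login attempt
# against the endpoint named in the advisory, with the server-side result appended.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) POST /kal-api/auth/jwt/create src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>\S+)$"
)

# Both the pre-fix messages and a generic post-fix message count as failures,
# so the detector keeps working after the responses are made uniform.
FAILURE_RESULTS = {"user_not_found", "invalid_password", "invalid_credentials"}

# Constructed sample: 203.0.113.7 walks a wordlist; 198.51.100.9 is one user mistyping a password.
SAMPLE_LOG = """\
2025-12-04T22:20:01Z POST /kal-api/auth/jwt/create src=203.0.113.7 user=admin result=invalid_password
2025-12-04T22:20:02Z POST /kal-api/auth/jwt/create src=203.0.113.7 user=root result=user_not_found
2025-12-04T22:20:03Z POST /kal-api/auth/jwt/create src=203.0.113.7 user=editor result=invalid_password
2025-12-04T22:20:04Z POST /kal-api/auth/jwt/create src=203.0.113.7 user=test result=user_not_found
2025-12-04T22:20:05Z POST /kal-api/auth/jwt/create src=203.0.113.7 user=guest result=user_not_found
2025-12-04T22:20:06Z POST /kal-api/auth/jwt/create src=203.0.113.7 user=webmaster result=user_not_found
2025-12-04T22:20:10Z POST /kal-api/auth/jwt/create src=198.51.100.9 user=alice result=invalid_password
2025-12-04T22:20:40Z POST /kal-api/auth/jwt/create src=198.51.100.9 user=alice result=invalid_password
2025-12-04T22:21:15Z POST /kal-api/auth/jwt/create src=198.51.100.9 user=alice result=success
""".splitlines()


def parse_line(line):
    """Return (timestamp, src, user, result) or None for lines that do not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["user"], m["result"]


def detect_enumeration(lines, threshold=5, window=timedelta(minutes=5)):
    """Flag sources that fail against at least `threshold` distinct usernames within `window`.

    Repeated failures for a single username are ignored: that pattern is a forgotten
    password, not enumeration. Returns one alert per offending source with the
    largest distinct-username count seen in any window.
    """
    failures = defaultdict(list)  # src -> [(ts, user), ...]
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ts, src, user, result = parsed
        if result in FAILURE_RESULTS:
            failures[src].append((ts, user))

    alerts = []
    for src, events in failures.items():
        events.sort()
        best = None
        start = 0
        for end in range(len(events)):
            # Slide the window start forward until it fits within `window`.
            while events[end][0] - events[start][0] > window:
                start += 1
            distinct = len({u for _, u in events[start:end + 1]})
            if distinct >= threshold and (best is None or distinct > best["distinct_users"]):
                best = {
                    "src": src,
                    "distinct_users": distinct,
                    "first_seen": events[start][0].isoformat(),
                    "last_seen": events[end][0].isoformat(),
                }
        if best is not None:
            alerts.append(best)
    return alerts


if __name__ == "__main__":
    for alert in detect_enumeration(SAMPLE_LOG):
        print(alert)
```

The threshold and window are tuning knobs: a documentation CMS with a handful of editors can use a low threshold, because legitimate traffic rarely produces more than one or two distinct failing usernames per source in five minutes.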

Reproduction

To reproduce this vulnerability, send a POST request to the authentication endpoint '/kal-api/auth/jwt/create' with a non-existent username. The server will respond with 'user_not_found'. Next, test with a valid username and an incorrect password; the response will be 'invalid_password'. Because the two responses differ, the check can be automated with a Python script that tests usernames individually or in bulk from a wordlist.
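The root cause is the branch structure of the login handler, so the fix is a handler change rather than a configuration one. The following added example is illustrative code written for this advisory, not Kalmia's source: `login_vulnerable` reproduces the two-message behaviour the Vulnerability and Reproduction sections describe, and `login_hardened` shows the usual correction, a single generic error for both failure causes plus a password check that runs even when the user does not exist, so the unknown-user path takes the same amount of work as the wrong-password path. The user store, salt and passwords are constructed for the example.

```python
import hashlib
import hmac

PBKDF2_ITERATIONS = 50_000


def _hash(password: str, salt: bytes) -> bytes:
    """Derive a fixed-length verifier from a password and salt (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)


# Constructed demo user store, username -> (salt, stored hash). Not Kalmia's real schema.
_SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
USERS = {"admin": (_SALT, _hash("correct horse battery staple", _SALT))}

# Dummy credential verified when the username is unknown. It is only there to
# equalise work between the two failure paths; the result is never accepted.
_DUMMY_SALT = bytes(16)
_DUMMY_HASH = _hash("dummy-password-never-valid", _DUMMY_SALT)


def login_vulnerable(username: str, password: str) -> dict:
    """Behaviour the advisory describes: the error string says whether the user exists."""
    record = USERS.get(username)
    if record is None:
        return {"ok": False, "error": "user_not_found"}
    salt, stored = record
    if not hmac.compare_digest(_hash(password, salt), stored):
        return {"ok": False, "error": "invalid_password"}
    return {"ok": True, "error": None}


def login_hardened(username: str, password: str) -> dict:
    """Same outcome for 'no such user' and 'wrong password', in message and in work done."""
    record = USERS.get(username)
    if record is None:
        exists, (salt, stored) = False, (_DUMMY_SALT, _DUMMY_HASH)
    else:
        exists, (salt, stored) = True, record
    # One hash computation on every path, compared in constant time.
    match = hmac.compare_digest(_hash(password, salt), stored)
    if exists and match:
        return {"ok": True, "error": None}
    return {"ok": False, "error": "invalid_credentials"}


def leaks_user_existence(login) -> bool:
    """Reviewer's check: do the two failure cases produce different responses?"""
    return login("no-such-user", "wrong") != login("admin", "wrong")


if __name__ == "__main__":
    print("vulnerable leaks:", leaks_user_existence(login_vulnerable))
    print("hardened leaks:  ", leaks_user_existence(login_hardened))
```

Note that a uniform message alone is not enough: if the unknown-user branch returns before any hashing, response time still distinguishes the two cases, which is why `login_hardened` always performs exactly one hash computation. Status codes and response headers should be identical for both failures as well.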

Remediation

Users are advised to update to the patched version of Kalmia CMS, which is available on the project's GitHub repository.

Added: Dec 4, 2025, 10:21 PM
Updated: Dec 4, 2025, 10:21 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 9.1
remediation: 0.0
relevance: 1.2
threat: 8.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.