CVE-2024-39211

CVSS 5.3 MEDIUM · EPSS 1.1% · CWE-204
In short

Kaiten 57.128.8 leaks whether user accounts exist by responding differently to login attempts. An attacker can test many email addresses to discover valid user accounts on the platform.

Technical detail

Information disclosure via login-response analysis (CWE-204, observable response discrepancy): an unauthenticated attacker can enumerate user accounts by sending crafted login POST requests and observing whether the user_email field is present in the response, which it is only for existing accounts.

Summary generated and translated by AI from the official description.
Kaiten 57.128.8 allows remote attackers to enumerate user accounts via a crafted POST request, because a login response contains a user_email field only if the user account exists.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
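As an added illustration of the discrepancy described above (example code, not Kaiten's), the leaky pattern sits beside a uniform-response handler and a regression check a defender can keep in a test suite; the user store, handler names and response bodies are constructed for this example.

```python
# Illustration of CWE-204 in a login handler, modelled on the CVE description.
# The user store, handler names and response bodies are constructed here and
# are not Kaiten's.
import hashlib
import hmac

# Constructed user store: email -> password hash. Plain sha256 keeps the
# example self-contained; a real system would use a slow, salted KDF.
USERS = {"alice@example.com": hashlib.sha256(b"correct horse").hexdigest()}
DUMMY_HASH = hashlib.sha256(b"dummy").hexdigest()


def _password_matches(email, password):
    stored = USERS.get(email)
    candidate = hashlib.sha256(password.encode()).hexdigest()
    # Always run the comparison (against a dummy hash for unknown accounts) so
    # the code path, and roughly the timing, does not depend on existence.
    match = hmac.compare_digest(stored or DUMMY_HASH, candidate)
    return stored is not None and match


def login_leaky(email, password):
    """Vulnerable pattern: a failed login for an existing account still echoes
    user_email, while an unknown account gets a bare error body."""
    if email not in USERS:
        return {"ok": False, "error": "invalid credentials"}
    if not _password_matches(email, password):
        return {"ok": False, "error": "invalid credentials", "user_email": email}
    return {"ok": True, "user_email": email}


def login_uniform(email, password):
    """Hardened: every failure returns the identical body; user_email is only
    returned after successful authentication."""
    if _password_matches(email, password):
        return {"ok": True, "user_email": email}
    return {"ok": False, "error": "invalid credentials"}


def failure_responses_differ(handler):
    """Defender's regression check: compare failed-login bodies for a known
    account and an unknown one. True means the handler leaks existence."""
    known = handler("alice@example.com", "wrong password")
    unknown = handler("nobody@example.com", "wrong password")
    return known != unknown
```

The same check can be pointed at a real endpoint by replacing the handler with a function that submits the request and returns the parsed body, so the comparison runs against HTTP status, headers and body together.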
Affected products
n/a · n/a
