CVE-2024-24767
📋 TL;DR
CVE-2024-24767 is a critical authentication vulnerability in CasaOS-UserService that allows attackers to perform unlimited password brute force attacks against the login system. This can lead to complete server compromise with super user privileges. All CasaOS installations running versions 0.4.4.3 through 0.4.6 are affected.
💻 Affected Systems
- CasaOS-UserService
- CasaOS
📦 What is this software?
CasaOS by IceWhale
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full administrative control over the CasaOS server, allowing them to execute arbitrary commands, access all data, and potentially pivot to other systems.
Likely Case
Attackers compromise user accounts through automated password guessing, gaining access to sensitive data and system functionality.
If Mitigated
With proper rate limiting and account lockout controls, attackers cannot successfully brute force credentials.
🎯 Exploit Status
Exploitation requires only standard HTTP requests to the login endpoint. No special tools or knowledge needed beyond basic HTTP client capabilities.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 0.4.7
Vendor Advisory: https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x
Restart Required: Yes
Instructions:
1. Backup your CasaOS configuration and data.
2. Update CasaOS-UserService to version 0.4.7 using your package manager or by downloading from GitHub releases.
3. Restart the CasaOS service.
4. Verify the update was successful.
🔧 Temporary Workarounds
Network-level rate limiting
Implement rate limiting at the network or reverse-proxy level to restrict login attempts.
# Example using nginx rate limiting in nginx.conf
# limit_req_zone must be declared in the http {} context; the location block
# belongs inside the existing server {} block that proxies to CasaOS.
http {
    limit_req_zone $binary_remote_addr zone=login:10m rate=5r/m;
    server {
        location /login {
            limit_req zone=login burst=10 nodelay;
        }
    }
}
IP-based access restrictions
Restrict CasaOS access to trusted IP addresses only.
# Using iptables to restrict access (the ACCEPT rule must come before the DROP rule)
iptables -A INPUT -p tcp --dport [CASAOS_PORT] -s [TRUSTED_IP] -j ACCEPT
iptables -A INPUT -p tcp --dport [CASAOS_PORT] -j DROP
🧯 If You Can't Patch
- Isolate CasaOS instance from untrusted networks using firewall rules
- Implement strong password policies and monitor for brute force attempts in logs
🔍 How to Verify
Check if Vulnerable:
Check CasaOS-UserService version. If between 0.4.4.3 and 0.4.6 inclusive, you are vulnerable.
Check Version:
Check the CasaOS web interface settings or run: grep -i version /path/to/casaos/config/files/*
Verify Fix Applied:
Verify CasaOS-UserService version is 0.4.7 or higher. Test that login attempts are now rate limited.
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts from same IP address
- Unusual login patterns outside normal hours
- Successful login after many failed attempts
Network Indicators:
- High volume of POST requests to /login endpoint
- Traffic patterns showing automated login attempts
SIEM Query (pseudo-syntax; adapt to your platform's query language):
source="casaos.logs" AND (event="login_failed" count>10 within 5m) OR (event="login_success" after multiple event="login_failed")
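The log indicators above, implemented as a small detection script that runs over authentication log lines. This is an added example, not code from CasaOS or the advisory; the log line format, the sample entries and the thresholds (more than 10 failures within 5 minutes, a success after at least 3 failures) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (not real CasaOS output): "<ISO timestamp> <event> user=<u> ip=<ip>"
LINE_RE = re.compile(r"^(\S+) (login_failed|login_success) user=(\S+) ip=(\S+)$")
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

def parse(line):
    """Return (timestamp, event, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return datetime.strptime(m.group(1), TS_FMT), m.group(2), m.group(3), m.group(4)

def detect(lines, threshold=10, window=timedelta(minutes=5), min_fail_before_success=3):
    """Emit ('brute_force', ip) once an IP exceeds `threshold` failures inside `window`,
    and ('success_after_failures', ip, user) when a success follows recent failures."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    flagged, alerts = set(), []
    for line in lines:
        rec = parse(line)
        if rec is None:
            continue
        ts, event, user, ip = rec
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures older than the window
            q.popleft()
        if event == "login_failed":
            q.append(ts)
            if len(q) > threshold and ip not in flagged:
                alerts.append(("brute_force", ip))
                flagged.add(ip)
        elif event == "login_success" and len(q) >= min_fail_before_success:
            alerts.append(("success_after_failures", ip, user))
    return alerts

def build_sample_log():
    """Constructed sample: 12 failures in under 2 minutes, then a success, plus a benign user."""
    base = datetime(2024, 2, 1, 10, 0, 0)
    lines = [f"{(base + timedelta(seconds=10 * i)).strftime(TS_FMT)} login_failed user=admin ip=203.0.113.5"
             for i in range(12)]
    lines.append(f"{(base + timedelta(minutes=3)).strftime(TS_FMT)} login_success user=admin ip=203.0.113.5")
    lines.append("2024-02-01T10:10:00Z login_failed user=alice ip=198.51.100.7")
    lines.append("2024-02-01T10:12:00Z login_success user=alice ip=198.51.100.7")
    return lines

if __name__ == "__main__":
    for alert in detect(build_sample_log()):
        print(alert)
```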
🔗 References
- https://github.com/IceWhaleTech/CasaOS-UserService/commit/62006f61b55951048dbace4ebd9e483274838699
- https://github.com/IceWhaleTech/CasaOS-UserService/releases/tag/v0.4.7
- https://github.com/IceWhaleTech/CasaOS-UserService/security/advisories/GHSA-c69x-5xmw-v44x