CVE-2024-33856

5.3 MEDIUM

📋 TL;DR

This vulnerability in Logpoint allows attackers to enumerate valid usernames by timing responses from the Forgot Password endpoint. Attackers can identify which usernames exist in the system, facilitating targeted attacks. All Logpoint installations before version 7.4.0 are affected.

💻 Affected Systems

Products:
  • Logpoint
Versions: All versions before 7.4.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Affects the Forgot Password functionality in the web interface.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers build a complete list of valid usernames, enabling targeted credential stuffing, phishing, or brute-force attacks against specific accounts.

🟠 Likely Case

Attackers identify some valid usernames and use them for targeted social engineering or credential attacks.

🟢 If Mitigated

Attackers cannot reliably determine which usernames exist, limiting their ability to target specific accounts.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access and timing measurements; no authentication needed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.4.0

Vendor Advisory: https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint

Restart Required: Yes

Instructions:

1. Back up your Logpoint configuration.
2. Upgrade to Logpoint version 7.4.0 or later.
3. Restart the Logpoint services.

🔧 Temporary Workarounds

Rate Limit Forgot Password Endpoint (applies to: all)

Implement rate limiting on the Forgot Password endpoint to make timing attacks impractical.

Disable Forgot Password Functionality (applies to: all)

Temporarily disable the Forgot Password feature if not essential.

🧯 If You Can't Patch

  • Implement network-level controls to restrict access to the Forgot Password endpoint.
  • Monitor for unusual patterns of requests to the Forgot Password endpoint.
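The workaround and "if you can't patch" guidance above amount to two controls on the reset endpoint: make the known-user and unknown-user code paths cost the same and return the same generic answer, and rate-limit the endpoint per client. The following is an added illustration of both controls in a minimal handler; it is not Logpoint's code, and the user store, the `forgot_password` handler, the `RateLimiter` class and the `outbox` queue are all constructed assumptions.

```python
import hashlib
import secrets
import time
from collections import defaultdict, deque

# Constructed user store (assumption: maps username -> recovery e-mail).
USERS = {"alice": "alice@example.test", "bob": "bob@example.test"}

# One generic answer for every username, so the body and status never reveal
# whether the account exists.
GENERIC_RESPONSE = {
    "status": 200,
    "message": "If that account exists, a reset link has been sent.",
}


class RateLimiter:
    """Sliding-window limiter: at most `limit` requests per `window` seconds per client.
    `clock` is injectable so the limiter can be tested without sleeping."""

    def __init__(self, limit=5, window=60.0, clock=time.monotonic):
        self.limit = limit
        self.window = window
        self.clock = clock
        self.hits = defaultdict(deque)

    def allow(self, client_ip):
        now = self.clock()
        q = self.hits[client_ip]
        while q and now - q[0] > self.window:   # drop hits outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


def _issue_reset_token(username):
    # Real path: generate a token and store its hash for later verification.
    token = secrets.token_urlsafe(32)
    return hashlib.sha256(token.encode()).hexdigest()


def _dummy_work():
    # Unknown-user path: perform the same token generation and hashing and
    # discard the result, so both branches take comparable time.
    token = secrets.token_urlsafe(32)
    hashlib.sha256(token.encode()).hexdigest()


def forgot_password(username, client_ip, limiter, outbox):
    """Handle a reset request. `outbox` models an asynchronous mail queue:
    the slow part (sending e-mail) is deferred, not done inside the request,
    because an inline SMTP round trip is a classic source of timing leaks."""
    if not limiter.allow(client_ip):
        return {"status": 429, "message": "Too many requests."}
    if username in USERS:
        outbox.append((USERS[username], _issue_reset_token(username)))
    else:
        _dummy_work()
    return dict(GENERIC_RESPONSE)


if __name__ == "__main__":
    limiter, outbox = RateLimiter(limit=3), []
    print(forgot_password("alice", "203.0.113.5", limiter, outbox))
    print(forgot_password("nobody", "203.0.113.5", limiter, outbox))
    print("queued mails:", len(outbox))
```

The design choice worth noting is that the handler's observable behaviour (status, body, and the work performed before returning) is identical for existing and non-existing usernames; only the mail queue differs, and that is invisible to the requester. The rate limiter then bounds how many timing samples any single client can collect.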

🔍 How to Verify

Check if Vulnerable:

Test the Forgot Password endpoint with valid and invalid usernames; if response times differ significantly, the system is vulnerable.

Check Version:

Check Logpoint web interface or run: logpoint-version

Verify Fix Applied:

After patching, test the Forgot Password endpoint; response times should be consistent regardless of username validity.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed Forgot Password attempts from single IP
  • Unusual patterns of Forgot Password requests

Network Indicators:

  • High volume of POST requests to /forgot-password endpoint

SIEM Query:

source="logpoint" AND (uri_path="/forgot-password" OR action="password_reset") | stats count by src_ip
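The SIEM query above counts reset requests per source IP; the log indicators also call out volume from a single IP and unusual request patterns. As an added example (not part of the original page, and not Logpoint's log format or query language), the following runs that logic over constructed web-server log lines: it reproduces the `stats count by src_ip` aggregation and adds a sliding-window check that flags a source exceeding a request threshold or touching too many distinct usernames, which is the signature of enumeration rather than a single user retrying. The log format, the `/forgot-password` path and all thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample log lines (TEST-NET addresses; not real Logpoint logs).
SAMPLE_LOG = """\
2024-05-01T10:00:00Z 203.0.113.5 POST /forgot-password 200 user=alice
2024-05-01T10:00:01Z 203.0.113.5 POST /forgot-password 200 user=bob
2024-05-01T10:00:02Z 203.0.113.5 POST /forgot-password 200 user=carol
2024-05-01T10:00:03Z 203.0.113.5 POST /forgot-password 200 user=dave
2024-05-01T10:00:04Z 203.0.113.5 POST /forgot-password 200 user=erin
2024-05-01T10:00:05Z 203.0.113.5 POST /forgot-password 200 user=frank
2024-05-01T10:00:06Z 203.0.113.5 POST /forgot-password 200 user=grace
2024-05-01T10:00:07Z 203.0.113.5 POST /forgot-password 200 user=heidi
2024-05-01T10:00:08Z 203.0.113.5 POST /forgot-password 200 user=ivan
2024-05-01T10:00:09Z 203.0.113.5 POST /forgot-password 200 user=judy
2024-05-01T10:01:00Z 198.51.100.7 POST /forgot-password 200 user=alice
2024-05-01T10:01:30Z 198.51.100.7 POST /forgot-password 200 user=alice
2024-05-01T10:02:00Z 198.51.100.7 GET /login 200 user=-
2024-05-01T11:30:00Z 192.0.2.9 POST /forgot-password 200 user=bob
"""

# Assumed line layout: "<iso-ts> <src_ip> <method> <path> <status> user=<name>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<src_ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) user=(?P<user>\S+)$"
)


def parse_log(text):
    """Parse lines matching LOG_RE into dicts; unparseable lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.strptime(e["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        events.append(e)
    return events


def count_by_src_ip(events, path="/forgot-password"):
    """Equivalent of the page's `stats count by src_ip` for POSTs to the reset path."""
    counts = defaultdict(int)
    for e in events:
        if e["path"] == path and e["method"] == "POST":
            counts[e["src_ip"]] += 1
    return dict(counts)


def find_enumeration_sources(events, window=timedelta(minutes=5), max_requests=8,
                             max_distinct_users=5, path="/forgot-password"):
    """Flag each source IP that, within any `window`, sends more than `max_requests`
    reset requests or targets more than `max_distinct_users` distinct usernames.
    Returns {ip: {"requests": n, "distinct_users": m}} for the busiest triggering window."""
    per_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["path"] == path and e["method"] == "POST":
            per_ip[e["src_ip"]].append(e)
    flagged = {}
    for ip, evs in per_ip.items():
        best, start = None, 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            span = evs[start:end + 1]
            users = {x["user"] for x in span}
            if len(span) > max_requests or len(users) > max_distinct_users:
                cand = {"requests": len(span), "distinct_users": len(users)}
                if best is None or cand["requests"] > best["requests"]:
                    best = cand
        if best:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    print(count_by_src_ip(evs))
    print(find_enumeration_sources(evs))
```

The distinct-username signal matters because a legitimate user who forgot their password tends to retry the same name, whereas enumeration sweeps many names from one source; the second host in the sample (two requests for `alice`) is therefore left unflagged while the first is reported.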
