CVE-2024-43416

7.5 HIGH

📋 TL;DR

This vulnerability allows unauthenticated attackers to determine whether specific email addresses correspond to valid GLPI user accounts. It affects GLPI installations from version 0.80 through 10.0.16, enabling user enumeration attacks.

💻 Affected Systems

Products:
  • GLPI
Versions: 0.80 through 10.0.16
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All GLPI installations within the affected version range are vulnerable by default.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers could enumerate all valid user accounts, enabling targeted phishing, credential stuffing, or brute force attacks against known valid accounts.

🟠 Likely Case

Attackers identify valid user accounts for reconnaissance purposes, increasing the success rate of subsequent attacks.

🟢 If Mitigated

Limited to user enumeration only - no password disclosure or account takeover directly from this vulnerability.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP requests to the vulnerable endpoint can enumerate users without authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 10.0.17

Vendor Advisory: https://github.com/glpi-project/glpi/security/advisories/GHSA-j8gc-xpgr-2ww7

Restart Required: No

Instructions:

1. Backup your GLPI installation and database.
2. Download GLPI 10.0.17 or newer from the official repository.
3. Follow the GLPI upgrade documentation to update your installation.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rule
Operating Systems: all
Block requests to the vulnerable endpoint that perform user enumeration

Network Access Control
Operating Systems: all
Restrict access to GLPI to trusted IP addresses only

🧯 If You Can't Patch

  • Implement rate limiting on the vulnerable endpoint to prevent mass enumeration
  • Monitor logs for unusual patterns of requests to user-related endpoints

🔍 How to Verify

Check if Vulnerable:

Test if unauthenticated requests to the user enumeration endpoint return valid user information

Check Version:

Check GLPI version in Administration > General > Information or via database query

Verify Fix Applied:

After patching, verify that unauthenticated requests no longer return user validation information

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed authentication attempts from a single IP
  • Unusual patterns of requests to user validation endpoints

Network Indicators:

  • HTTP requests to user enumeration endpoints without authentication headers

SIEM Query:

source="glpi_access.log" AND uri_path="/path/to/vulnerable/endpoint" AND ((status_code=200 AND request_count>100) OR user_agent="*enumeration*")
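As an added example that is not part of this advisory card or of GLPI's own code, the following Python script implements the "unusual patterns of requests" check above over a constructed Apache-style access log: it flags any source IP whose successful hits on the monitored endpoint exceed the card's 100-request threshold within a sliding time window. The endpoint path is the card's placeholder and must be replaced with the path from the vendor advisory; the log format, window length and sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Placeholder path copied from the card's SIEM query: replace it with the path named in the vendor advisory.
ENDPOINT_PREFIXES = ("/path/to/vulnerable/endpoint",)
THRESHOLD = 100       # more than this many hits from one source IP ...
WINDOW_SECONDS = 300  # ... within this sliding window (assumed values, tune to your traffic)

# Apache/nginx combined log format (assumed); lines are expected in chronological order.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def parse_line(line):
    """Return (ip, timestamp, path without query string, status) or None if unparsable."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
    return m['ip'], ts, m['path'].split('?', 1)[0], int(m['status'])

def find_enumeration_sources(lines, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Map each source IP exceeding `threshold` successful endpoint hits in `window` seconds to its peak count."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path, status = parsed
        if status != 200 or not path.startswith(ENDPOINT_PREFIXES):
            continue
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:  # evict hits older than the window
            q.popleft()
        if len(q) > threshold:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def build_sample_log(noisy_ip="203.0.113.10", quiet_ip="198.51.100.7", n_noisy=120):
    """Constructed sample log (documentation IPs, made-up addresses), not real traffic."""
    base = datetime(2024, 9, 1, 12, 0, 0, tzinfo=timezone.utc)
    endpoint = ENDPOINT_PREFIXES[0]
    events = [(i, noisy_ip, f"{endpoint}?email=user{i}%40example.org") for i in range(n_noisy)]
    events += [(i * 60, quiet_ip, f"{endpoint}?email=me%40example.org") for i in range(3)]
    events += [(10, quiet_ip, "/index.php")]  # unrelated request, must not be counted
    events.sort()
    return [f'{ip} - - [{(base + timedelta(seconds=s)).strftime("%d/%b/%Y:%H:%M:%S %z")}] '
            f'"GET {path} HTTP/1.1" 200 512' for s, ip, path in events]
```

Running `find_enumeration_sources(build_sample_log())` flags only the noisy address with a peak of 120 hits; the quiet address, whose three endpoint requests are a minute apart, stays below the threshold.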