CVE-2024-55198

5.3 MEDIUM

📋 TL;DR

This vulnerability in Celk Sistemas Celk Saude v.3.1.252.1 allows remote attackers to enumerate valid usernames by analyzing differences in error messages during password recovery attempts. Attackers can determine which accounts exist in the system, facilitating targeted attacks. Organizations using this specific healthcare software version are affected.

💻 Affected Systems

Products:
  • Celk Sistemas Celk Saude
Versions: v.3.1.252.1
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects the password recovery functionality. Healthcare organizations using this software for patient management are primarily impacted.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers build a complete user directory, enabling targeted phishing, credential stuffing, or brute-force attacks against known valid accounts, potentially leading to unauthorized access to sensitive healthcare data.

🟠 Likely Case

Attackers enumerate some valid usernames and use them for targeted social engineering or credential stuffing attacks against those specific accounts.

🟢 If Mitigated

With proper monitoring and authentication controls, impact is limited to information disclosure about account existence without enabling actual account compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires no authentication: each candidate username costs one request to the password recovery form, so enumeration against a wordlist is trivially scripted. The behaviour has been documented in public research.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

Contact Celk Sistemas for patch information. Monitor their official channels for security updates.

🔧 Temporary Workarounds

Standardize Error Messages (all platforms)

Modify the password recovery functionality to return the same response whether or not the username exists: identical status code, body text, headers and redirect target, with a neutral wording such as "if that account exists, a recovery e-mail has been sent". Keep the work done on the request path comparable in both branches (for example, hand the e-mail to a queue rather than sending it inline) so that response time does not become a new oracle.

Implement Rate Limiting (all platforms)

Add rate limiting to the password recovery endpoint, keyed at least by source IP and ideally also per target username, to slow automated enumeration. Rate limiting alone does not close the oracle, since an attacker with many source addresses can still enumerate slowly; combine it with uniform responses.
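The two workarounds above, written out as an added example (this is illustrative code, not Celk Saude's implementation; the user store, the mail queue and the response wording are assumptions). `recover_vulnerable` shows the oracle the advisory describes; `recover_hardened` returns one status and one body for every username, does one queue operation in both branches, and throttles per source IP.

```python
import time
from collections import defaultdict

# Constructed user store for this example (not Celk data): username -> e-mail.
USERS = {"alice": "alice@example.test", "bob": "bob@example.test"}

# Outbound job queue; a real deployment hands this to a worker process.
MAIL_QUEUE = []

GENERIC_MESSAGE = "If that account exists, a recovery e-mail has been sent."


def recover_vulnerable(username):
    """Pattern the advisory describes: the reply tells the caller whether the
    account exists, so the endpoint doubles as a username oracle."""
    address = USERS.get(username)
    if address is None:
        return 404, "user not found"
    MAIL_QUEUE.append(("send", address))
    return 200, "recovery email sent"


class RateLimiter:
    """Sliding-window limiter keyed by an arbitrary string (here, the source IP).
    In-memory for the example; a shared store is needed behind several nodes."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._hits = defaultdict(list)

    def allow(self, key):
        now = self.clock()
        recent = [t for t in self._hits[key] if now - t < self.window]
        if len(recent) >= self.limit:
            self._hits[key] = recent
            return False
        recent.append(now)
        self._hits[key] = recent
        return True


def recover_hardened(username, src_ip, limiter):
    """Uniform response: same status, same body and the same request-path work
    whether or not the username exists, plus per-IP throttling."""
    if not limiter.allow(src_ip):
        return 429, "Too many requests, try again later."
    address = USERS.get(username)
    # Both branches enqueue exactly one job; the worker discards the no-op.
    # Keeping the request path symmetric avoids turning latency into the oracle.
    MAIL_QUEUE.append(("send", address) if address else ("noop", None))
    return 200, GENERIC_MESSAGE


if __name__ == "__main__":
    limiter = RateLimiter(limit=5, window_seconds=60)
    print("vulnerable:", recover_vulnerable("alice"), recover_vulnerable("nobody"))
    print("hardened:  ", recover_hardened("alice", "198.51.100.7", limiter),
          recover_hardened("nobody", "198.51.100.7", limiter))
```

The limiter keys on the source IP only; for a public endpoint also count attempts per target username, otherwise one account can be used to exhaust the mail pipeline while the per-IP budget is spread across proxies.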

🧯 If You Can't Patch

  • Put the password recovery endpoint behind a web application firewall (WAF) with rules that throttle or block high request rates and rapid username churn from one source; each individual request looks legitimate, so content-based signatures will not catch enumeration on their own
  • Monitor authentication logs for unusual patterns of password recovery attempts (many distinct usernames from one source, sequential or wordlist-style names) and alert on them

🔍 How to Verify

Check if Vulnerable:

Submit the password recovery form once with a known valid username and once with a username that cannot exist, and compare the two responses in full: status code, redirect target, body text (e.g. 'user not found' vs 'recovery email sent'), headers and, over several repetitions, response time. Any consistent difference means the system is vulnerable.

Check Version:

Check software version in application interface or configuration files

Verify Fix Applied:

After applying fixes, repeat the same paired test and confirm that valid and invalid usernames produce identical status codes, bodies and redirects (a generic message in both cases), and that repeated requests from one source are throttled.
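The paired comparison described in "Check if Vulnerable" and "Verify Fix Applied", as an added example that is not part of the original page. It works on captured responses (fetch them with curl or requests against the real endpoint); the response pairs here are constructed, and the noise patterns (CSRF token, timestamp) are assumptions for what a form page typically varies per request.

```python
import re

# Constructed response pairs (not captured from Celk Saude). Each pair is the
# reply for a username that exists followed by the reply for one that does not.
VULNERABLE_PAIR = (
    {"status": 200, "location": None,
     "body": '<form><input name="csrf_token" value="a1b2"></form><p>recovery email sent</p>'},
    {"status": 200, "location": None,
     "body": '<form><input name="csrf_token" value="c3d4"></form><p>user not found</p>'},
)
FIXED_PAIR = (
    {"status": 302, "location": "/login?msg=recovery",
     "body": '<input name="csrf_token" value="e5f6"> Generated 2024-11-20 10:00:01'},
    {"status": 302, "location": "/login?msg=recovery",
     "body": '<input name="csrf_token" value="0709"> Generated 2024-11-20 10:00:02'},
)

# Per-request noise that is not an oracle. These patterns are assumptions for
# the example; extend them for whatever the real page embeds per request.
NOISE = [
    (re.compile(r'name="csrf_token" value="[^"]*"'), 'name="csrf_token" value="*"'),
    (re.compile(r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}"), "<timestamp>"),
    (re.compile(r"\s+"), " "),
]


def normalize(body):
    """Remove per-request noise so only meaningful body differences remain."""
    for pattern, replacement in NOISE:
        body = pattern.sub(replacement, body)
    return body.strip()


def distinguishing_signals(existing, missing):
    """Return the channels on which an attacker could tell the two replies apart.
    An empty list means the pair is indistinguishable on status, redirect and body."""
    signals = []
    if existing["status"] != missing["status"]:
        signals.append(f"status {existing['status']} vs {missing['status']}")
    if existing["location"] != missing["location"]:
        signals.append("redirect target differs")
    if normalize(existing["body"]) != normalize(missing["body"]):
        signals.append("body differs after removing per-request noise")
    return signals


def is_enumerable(pair):
    """True when the existing/missing pair leaks account existence."""
    return bool(distinguishing_signals(*pair))


if __name__ == "__main__":
    print("vulnerable pair:", distinguishing_signals(*VULNERABLE_PAIR))
    print("fixed pair:     ", distinguishing_signals(*FIXED_PAIR))
```

Timing is deliberately left out of the comparison: a single sample is noise, so if you want that channel, take a few dozen requests per username with `time.perf_counter` and compare medians rather than individual values.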

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed password recovery attempts from single IP
  • Patterns of sequential username attempts in authentication logs

Network Indicators:

  • Unusual volume of requests to password recovery endpoint
  • Requests with systematically varying username parameters

SIEM Query:

source="auth_logs" (event="password_recovery" OR event="forgot_password")
| stats count AS attempts dc(username) AS distinct_users values(username) AS usernames by src_ip
| where distinct_users > threshold

Enumeration shows up as many distinct usernames from one source, not as repeats of one username, which is why the query counts distinct users per src_ip. `threshold` is a placeholder; set it above the number of accounts a legitimate client would plausibly try in the search window (more than a handful is already suspicious).
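The log and network indicators above, implemented as an added example over constructed log lines (not real Celk Saude output; the key=value layout is an assumption, adjust `LINE_RE` to the actual format). It summarises password recovery attempts per source IP and flags sources with many distinct usernames, consecutive numeric usernames, or mostly unknown accounts, which a server-side log can still record after the oracle in the HTTP response has been closed.

```python
import re
from collections import defaultdict

# Constructed sample log lines (not real Celk Saude output).
SAMPLE_LOGS = """\
2024-11-20T10:00:01Z src_ip=198.51.100.7 event=forgot_password username=user001 result=not_found
2024-11-20T10:00:02Z src_ip=198.51.100.7 event=forgot_password username=user002 result=not_found
2024-11-20T10:00:02Z src_ip=203.0.113.5 event=forgot_password username=maria.silva result=sent
2024-11-20T10:00:03Z src_ip=198.51.100.7 event=forgot_password username=user003 result=sent
2024-11-20T10:00:04Z src_ip=198.51.100.7 event=forgot_password username=user004 result=not_found
2024-11-20T10:00:05Z src_ip=198.51.100.7 event=forgot_password username=user005 result=not_found
2024-11-20T10:00:06Z src_ip=198.51.100.7 event=forgot_password username=user006 result=not_found
2024-11-20T10:00:09Z src_ip=203.0.113.5 event=forgot_password username=maria.silva result=sent
2024-11-20T10:00:10Z src_ip=192.0.2.44 event=login username=joao result=failure
"""

# Assumed log layout; change this to match the real application log.
LINE_RE = re.compile(
    r"src_ip=(?P<ip>\S+) event=(?P<event>forgot_password|password_recovery) "
    r"username=(?P<user>\S+) result=(?P<result>\S+)"
)
SUFFIX_RE = re.compile(r"^(?P<prefix>.*?)(?P<num>\d+)$")


def summarize(lines):
    """Per source IP: attempts, distinct usernames in arrival order, not-found count."""
    stats = defaultdict(lambda: {"attempts": 0, "usernames": [], "not_found": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # other event types are ignored
        s = stats[m["ip"]]
        s["attempts"] += 1
        if m["user"] not in s["usernames"]:
            s["usernames"].append(m["user"])
        if m["result"] == "not_found":
            s["not_found"] += 1
    return stats


def looks_sequential(usernames):
    """True when three or more names share a prefix and carry consecutive numbers."""
    runs = defaultdict(list)
    for name in usernames:
        m = SUFFIX_RE.match(name)
        if m:
            runs[m["prefix"]].append(int(m["num"]))
    for nums in runs.values():
        if len(nums) >= 3 and all(b - a == 1 for a, b in zip(nums, nums[1:])):
            return True
    return False


def flag_enumeration(lines, max_distinct=5):
    """Return {src_ip: [reasons]} for sources whose recovery traffic looks like enumeration."""
    flagged = {}
    for ip, s in summarize(lines).items():
        reasons = []
        if len(s["usernames"]) > max_distinct:
            reasons.append(f"{len(s['usernames'])} distinct usernames")
        if looks_sequential(s["usernames"]):
            reasons.append("sequential usernames")
        if s["not_found"] >= 3 and s["not_found"] * 2 > s["attempts"]:
            reasons.append(f"{s['not_found']}/{s['attempts']} attempts for unknown users")
        if reasons:
            flagged[ip] = reasons
    return flagged


if __name__ == "__main__":
    for ip, reasons in flag_enumeration(SAMPLE_LOGS.splitlines()).items():
        print(ip, "->", "; ".join(reasons))
```

Run it over a time-bucketed slice of the log (the SIEM query's search window) rather than the whole history, otherwise a long-lived NAT address accumulates distinct usernames legitimately and trips the first rule.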

🔗 References
