CVE-2025-56423

5.3 MEDIUM

📋 TL;DR

This vulnerability in OpenAtlas v8.12.0 allows remote, unauthenticated attackers to enumerate valid usernames through login error messages: the response to a wrong password for an existing account differs from the response for a nonexistent account, so an attacker can learn which accounts exist without holding any credentials. It affects every deployment of the vulnerable version that exposes the web login.

💻 Affected Systems

Products:
  • Austrian Academy of Sciences Austrian Archaeological Institute OpenAtlas
Versions: v8.12.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects OpenAtlas installations with web login functionality enabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Attackers can enumerate all valid usernames, enabling targeted password attacks and potentially gaining unauthorized access to sensitive archaeological data.

🟠 Likely Case

Attackers identify valid usernames and conduct targeted brute-force or credential stuffing attacks against those accounts.

🟢 If Mitigated

With proper monitoring and strong password policies, impact is limited to username disclosure without account compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only web access to the login page and basic scripting or tooling to compare the error responses for existing and nonexistent usernames.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: Not available

Restart Required: No

Instructions:

1. Monitor vendor channels for security updates
2. Apply patch when available
3. Test in development environment before production deployment

🔧 Temporary Workarounds

Generic Login Error Messages (applies to: all versions)

Modify the login functionality so that an invalid username and an invalid password produce identical responses: the same message, the same HTTP status and the same redirect. Keep the password-hash check running even when the username does not exist, otherwise response time becomes the next oracle once the messages match.

Implementation: modify the OpenAtlas source code to standardize login error responses.

Rate Limiting (applies to: all versions)

Rate-limit login attempts per source address and per target account to slow down enumeration and the brute-force or credential-stuffing attacks that follow it.

Implementation: configure web server / reverse proxy or application rate-limiting rules.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to detect and block user enumeration patterns
  • Enable detailed logging of failed login attempts and monitor for enumeration patterns

🔍 How to Verify

Check if Vulnerable:

Log in with a known-valid username and a wrong password, then with a username that does not exist and the same wrong password, and compare the two responses. If the error message, HTTP status, redirect target or response time differs, the system is vulnerable.

Check Version:

Check OpenAtlas version in application interface or configuration files

Verify Fix Applied:

Repeat the same pair of failed logins after the fix: an invalid username and an invalid password must both return the identical generic error message with the same HTTP status and comparable response time.
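The following is an added example illustrating the "Generic Login Error Messages" workaround and the "Check if Vulnerable" / "Verify Fix Applied" checks above. It is written for this page in Python and is not OpenAtlas code: the user store, salts, PBKDF2 parameters and messages are constructed for the demo and say nothing about how OpenAtlas actually stores passwords. `login_vulnerable` shows the enumerable pattern (distinct errors), `login_hardened` the fix (one generic error, and the hash computed against a dummy record for unknown users so the cost is uniform), and `is_enumerable` is the verification check applied to either handler.

```python
import hashlib
import hmac
import os

# Constructed demo user store: username -> (salt, PBKDF2-SHA256 hash). Not OpenAtlas's schema.
_ITERATIONS = 50_000


def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, _ITERATIONS)


_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, _hash_password("correct horse battery", _ALICE_SALT))}

# Dummy credential used for unknown usernames so the hashing work is always performed.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash_password("placeholder-never-accepted", _DUMMY_SALT)

GENERIC_ERROR = "Invalid username or password."


def login_vulnerable(username: str, password: str) -> tuple[bool, str]:
    """The pattern the advisory describes: the error text reveals whether the user exists."""
    record = USERS.get(username)
    if record is None:
        return False, "Unknown username."   # leaks: account does not exist
    salt, stored = record
    if hmac.compare_digest(stored, _hash_password(password, salt)):
        return True, "OK"
    return False, "Wrong password."         # leaks: account exists


def login_hardened(username: str, password: str) -> tuple[bool, str]:
    """Same message for both failure cases, and the same hashing cost for unknown users."""
    record = USERS.get(username)
    salt, stored = record if record is not None else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = _hash_password(password, salt)
    # compare_digest is constant-time; the second clause rejects a match against the dummy record
    ok = hmac.compare_digest(stored, candidate) and record is not None
    return ok, ("OK" if ok else GENERIC_ERROR)


def is_enumerable(login, existing_user: str, missing_user: str, password: str = "nope") -> bool:
    """Verification check: does a wrong password for a real account answer
    differently from the same password for a nonexistent account?"""
    return login(existing_user, password) != login(missing_user, password)


if __name__ == "__main__":
    print("vulnerable handler enumerable:", is_enumerable(login_vulnerable, "alice", "bob"))
    print("hardened handler enumerable:  ", is_enumerable(login_hardened, "alice", "bob"))
```

When testing a live instance rather than a handler, compare the full HTTP response (status, headers, body, redirect) and time a few hundred requests of each kind; the dummy-hash trick only equalises the work done inside the login handler, and other layers (a database lookup that short-circuits, a WAF rule) can reintroduce a measurable difference.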

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed login attempts with different usernames from same source
  • Pattern of login attempts with sequential usernames

Network Indicators:

  • Unusual volume of POST requests to login endpoint
  • Rapid sequential login attempts

SIEM Query:

source_ip=* AND (url_path="/login" OR url_path="/auth") AND status_code=401 | stats count by source_ip, username

Adjust the status filter to what the application actually returns: many form-based logins answer a failed attempt with HTTP 200 (error rendered in the page) or 302, not 401. The enumeration signal is the number of distinct usernames per source, so count that (dc(username) in Splunk) rather than raw failures, which also fire on a single user mistyping a password.
