CVE-2026-24664
📋 TL;DR
CVE-2026-24664 is a username enumeration vulnerability in Open eClass (formerly GUnet eClass) that allows unauthenticated attackers to identify valid user accounts by analyzing differences in login response behavior. This affects all Open eClass installations prior to version 4.2. The vulnerability enables reconnaissance that can facilitate credential stuffing or targeted attacks.
💻 Affected Systems
- Open eClass (formerly GUnet eClass)
⚠️ Manual Verification Required
The CVE database entry for this issue carries no affected-version ranges from the vendor or NVD, so automated version matching cannot decide whether a given installation is affected.
Why? Version ranges were never supplied to the CVE record. The vendor advisory does name 4.2 as the fixed release, so treat any older installation as affected until you have tested it.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers build a complete list of valid usernames, enabling targeted credential stuffing, social engineering, or brute-force attacks that could lead to account compromise and unauthorized access to course materials.
Likely Case
Attackers enumerate some valid usernames and use them for credential stuffing attacks against reused passwords, potentially gaining access to user accounts.
If Mitigated
Attackers can still identify valid usernames, but the follow-on credential stuffing or brute force is blocked by strong authentication controls such as MFA and login rate limiting, so the list never turns into account compromise.
🎯 Exploit Status
Username enumeration vulnerabilities are commonly exploited using automated tools. The advisory provides technical details that could facilitate exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2
Vendor Advisory: https://github.com/gunet/openeclass/security/advisories/GHSA-c3wq-m629-5h2j
Restart Required: Yes
Instructions:
1. Back up your Open eClass installation and database.
2. Download Open eClass version 4.2 from the official repository.
3. Follow the upgrade instructions in the documentation.
4. Restart the web server and verify the upgrade.
🔧 Temporary Workarounds
Implement Web Application Firewall (WAF) Rules
Configure WAF rules that count the distinct username values each client submits to the login form and block or challenge clients that exceed a small number in a short window. The WAF cannot remove the response differences themselves, so this only raises the attacker's cost.
Rate Limit Login Endpoints
Apply strict per-IP and per-username rate limits on the login endpoint so that enumeration has to run slowly enough to be noticed and blocked.
🧯 If You Can't Patch
- Implement strong authentication controls including multi-factor authentication (MFA) for all users
- Deploy network monitoring to detect enumeration patterns and block suspicious IP addresses
🔍 How to Verify
Check if Vulnerable:
Submit the same wrong password for a known-valid username and for a username that cannot exist, several times each, and compare status codes, redirect targets, error messages, response length and response time. Any consistent difference between the two sets is the enumeration oracle.
Check Version:
Check the version in the Open eClass admin panel or examine the source code version files.
Verify Fix Applied:
After upgrading to version 4.2, repeat the same comparison and confirm that responses for valid and unknown usernames are indistinguishable (same status code, same error message, same response length, no consistent timing gap).
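The comparison described under "Check if Vulnerable" and "Verify Fix Applied", written out as a small differential tester. This is an added example, not code from Open eClass, the advisory or this page. The login URL, the form field names (uname, pass), the csrf_token field name in the noise filter and the account names are assumptions to adjust for your installation; the fake_server function is a constructed stand-in so the script runs offline, and http_fetch is the real transport for use against a system you are authorized to test.

```python
"""Differential login-response check for username enumeration (added example)."""
import re
import statistics
import time
import urllib.error
import urllib.parse
import urllib.request
from dataclasses import dataclass
from typing import Callable


@dataclass
class LoginResponse:
    status: int
    body: str
    elapsed: float  # seconds


# Content that legitimately differs between two renderings of the same page.
# Extend this list until a valid-vs-valid comparison comes back without "unstable".
NOISE = [
    re.compile(r'name="csrf_token"\s+value="[^"]*"'),      # assumed token field name
    re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}:\d{2}"),  # timestamps
]


def normalise(body: str) -> str:
    for pat in NOISE:
        body = pat.sub("<noise>", body)
    return body


def http_fetch(url: str, username: str, password: str) -> LoginResponse:
    """Real transport: POST the login form and time the round trip (assumed field names)."""
    data = urllib.parse.urlencode({"uname": username, "pass": password}).encode()
    req = urllib.request.Request(url, data=data, method="POST")
    start = time.perf_counter()
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:  # follows redirects
            status, body = resp.status, resp.read().decode(errors="replace")
    except urllib.error.HTTPError as err:  # 4xx/5xx pages still carry a body worth comparing
        status, body = err.code, err.read().decode(errors="replace")
    return LoginResponse(status, body, time.perf_counter() - start)


def compare(valid: list, invalid: list, timing_ms: float = 100.0) -> dict:
    """Differences an attacker could use as an oracle; an empty dict means none were found."""
    findings = {}
    v_bodies = {normalise(r.body) for r in valid}
    i_bodies = {normalise(r.body) for r in invalid}
    if len(v_bodies) > 1 or len(i_bodies) > 1:
        findings["unstable"] = "same input produced different pages; extend NOISE first"
    v_status = {r.status for r in valid}
    i_status = {r.status for r in invalid}
    if v_status != i_status:
        findings["status"] = (sorted(v_status), sorted(i_status))
    if v_bodies.isdisjoint(i_bodies):
        findings["body"] = "error page differs between valid and unknown user"
    # Median over several samples, so one slow request does not produce a false positive.
    v_t = statistics.median(r.elapsed for r in valid) * 1000
    i_t = statistics.median(r.elapsed for r in invalid) * 1000
    if abs(v_t - i_t) > timing_ms:
        findings["timing_ms"] = round(abs(v_t - i_t), 1)
    return findings


def probe(fetch: Callable[[str, str], LoginResponse], valid_user: str,
          bogus_user: str, samples: int = 5) -> dict:
    """Send the same wrong password for a real and a made-up account and compare."""
    wrong_pw = "definitely-not-the-password"
    valid = [fetch(valid_user, wrong_pw) for _ in range(samples)]
    invalid = [fetch(bogus_user, wrong_pw) for _ in range(samples)]
    return compare(valid, invalid)


def fake_server(leaky: bool) -> Callable[[str, str], LoginResponse]:
    """Constructed stand-in for a login endpoint so the check can run offline."""
    known = {"alice"}

    def fetch(username: str, password: str) -> LoginResponse:
        if leaky and username not in known:
            # Leaky behaviour: distinct message and no password hashing for unknown names.
            return LoginResponse(200, "<p>No such user</p>", 0.02)
        return LoginResponse(200, "<p>Wrong username or password</p>", 0.25)

    return fetch


if __name__ == "__main__":
    print("leaky:", probe(fake_server(True), "alice", "zq7-no-such-user"))
    print("fixed:", probe(fake_server(False), "alice", "zq7-no-such-user"))
    # Live use: probe(lambda u, p: http_fetch("https://eclass.example/", u, p), "knownuser", "zq7-no-such-user")
```

Run a valid-vs-valid comparison first; if that already reports "unstable", the noise filter is incomplete and any body finding is meaningless. Rate limiting or a WAF that kicks in mid-run will also show up as status or timing differences, so keep the sample count small and space requests out.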
📡 Detection & Monitoring
Log Indicators:
- Multiple failed login attempts with different usernames from the same IP
- Pattern of login requests with incremental usernames
Network Indicators:
- Unusual volume of POST requests to login endpoint
- Requests with systematically varied username parameters
SIEM Query:
source="web_logs" AND uri_path="/login" AND http_method="POST" | stats dc(username) AS distinct_users, count BY src_ip | where distinct_users > threshold
Count distinct usernames rather than raw requests: a legitimate user who mistypes one password several times produces many failures on one name, while an enumeration run produces one or two attempts on each of many names. "/login", "username" and "threshold" are placeholders; substitute the login path and field name your Open eClass installation actually logs.
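The log indicators above (many distinct usernames from one IP, and names that step through a sequence) implemented as a detector over failed-login records. This is an added example, not part of this page or of Open eClass. The log line format is constructed for the example; rewrite the LINE pattern for whatever your Open eClass installation or reverse proxy actually records for failed logins.

```python
"""Username-enumeration detector over failed-login records (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<iso-timestamp> <client-ip> login_failed user=<name>"
LINE = re.compile(r"^(?P<ts>\S+) (?P<ip>\S+) login_failed user=(?P<user>\S+)$")
NUMERIC_TAIL = re.compile(r"^(.*?)(\d+)$")

# Constructed sample: one enumerating client, one user retyping a password, one benign pair.
SAMPLE_LOG = """\
2026-02-01T10:00:01Z 203.0.113.7 login_failed user=admin
2026-02-01T10:00:02Z 203.0.113.7 login_failed user=student01
2026-02-01T10:00:03Z 203.0.113.7 login_failed user=student02
2026-02-01T10:00:04Z 203.0.113.7 login_failed user=student03
2026-02-01T10:00:05Z 203.0.113.7 login_failed user=student04
2026-02-01T10:00:06Z 203.0.113.7 login_failed user=teacher
2026-02-01T10:00:30Z 198.51.100.4 login_failed user=maria
2026-02-01T10:00:45Z 198.51.100.4 login_failed user=maria
2026-02-01T10:01:10Z 198.51.100.4 login_failed user=maria
2026-02-01T10:20:00Z 192.0.2.9 login_failed user=nikos
2026-02-01T10:20:05Z 192.0.2.9 login_failed user=nikos.p
""".splitlines()


def parse(lines):
    """Yield (timestamp, ip, username) for every line that matches LINE."""
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts = datetime.fromisoformat(m["ts"].replace("Z", "+00:00"))
            yield ts, m["ip"], m["user"]


def looks_sequential(users) -> bool:
    """True if at least three names share a prefix and their numeric suffixes form a run."""
    groups = defaultdict(set)
    for u in users:
        m = NUMERIC_TAIL.match(u)
        if m:
            groups[m.group(1)].add(int(m.group(2)))
    return any(len(n) >= 3 and max(n) - min(n) == len(n) - 1 for n in groups.values())


def detect(lines, window=timedelta(minutes=5), distinct_threshold=5) -> dict:
    """Return {ip: details} for clients that tried >= distinct_threshold usernames within window."""
    recent = defaultdict(deque)  # ip -> sliding window of (timestamp, username)
    alerts = {}
    for ts, ip, user in sorted(parse(lines)):
        q = recent[ip]
        q.append((ts, user))
        while ts - q[0][0] > window:
            q.popleft()
        users = [u for _, u in q]
        distinct = len(set(users))
        if distinct >= distinct_threshold:
            alerts[ip] = {
                "distinct_users": distinct,
                "attempts": len(q),
                "sequential": looks_sequential(users),
                "last_seen": ts.isoformat(),
            }
    return alerts


if __name__ == "__main__":
    for ip, details in detect(SAMPLE_LOG).items():
        print(ip, details)
```

The sliding window keys on distinct usernames, not attempt count, for the same reason as the SIEM query: the client retrying "maria" three times never alerts, while the client that walks admin, student01 through student04 and teacher does, and the sequential flag tells the analyst it was a wordlist rather than a typo.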