CVE-2026-24669
📋 TL;DR
CVE-2026-24669 is an insecure password reset vulnerability in Open eClass (formerly GUnet eClass) that allows local attackers to reuse valid password reset tokens after they've already been used. This enables unauthorized password changes and potential account takeover. All Open eClass installations prior to version 4.2 are affected.
💻 Affected Systems
- Open eClass (formerly GUnet eClass)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete account takeover of any user account, including administrators, leading to data theft, privilege escalation, and system compromise.
Likely Case
Unauthorized password changes for regular user accounts, enabling access to course materials, grades, and personal information.
If Mitigated
Limited impact with proper monitoring and quick detection of unauthorized password reset attempts.
🎯 Exploit Status
Exploitation requires local access to intercept or obtain password reset tokens, but the actual token reuse mechanism is simple.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.2
Vendor Advisory: https://github.com/gunet/openeclass/security/advisories/GHSA-gcqq-fxw6-f866
Restart Required: Yes
Instructions:
1. Back up your current installation and database.
2. Download Open eClass version 4.2 or later from the official repository.
3. Follow the upgrade instructions in the documentation.
4. Restart the web server and verify functionality.
🔧 Temporary Workarounds
Disable password reset functionality
Temporarily disable the password reset feature until patching can be completed.
# Modify application configuration to disable password reset
# Exact commands depend on your specific deployment
Implement rate limiting
Add rate limiting to password reset endpoints to make token reuse more difficult.
# Configure web server rate limiting (e.g., nginx limit_req)
# Example for nginx: limit_req_zone $binary_remote_addr zone=reset:10m rate=1r/m;
🧯 If You Can't Patch
- Implement network segmentation to restrict access to the Open eClass instance
- Enable detailed logging and monitoring of all password reset attempts
🔍 How to Verify
Check if Vulnerable:
Check your Open eClass version in the administration panel or by examining the application files. If the version is below 4.2, you are vulnerable.
Check Version:
Check the version.php file or the administration dashboard for version information.
Verify Fix Applied:
After upgrading to version 4.2 or later, test the password reset functionality to ensure tokens cannot be reused.
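What a fixed reset flow should do, as an added Python model (not Open eClass code): each token is stored only as a hash, expires, and is deleted when redeemed, so a second redemption of the same token fails. `ResetTokenStore`, its helper functions and `TOKEN_TTL_SECONDS` are assumptions of this example, not product settings.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60  # assumed reset-token lifetime (not a product setting)

class ResetTokenStore:
    """Single-use, expiring reset tokens (illustrative, not Open eClass code): only a
    token's SHA-256 digest is kept, and redeeming deletes it, so a second use fails."""

    def __init__(self, now=time.time):
        self._now = now  # injectable clock so expiry can be tested
        self._records = {}  # token digest -> (user_id, expires_at)

    def issue(self, user_id):
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        self._records[digest] = (user_id, self._now() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, token):
        """Return the user_id if the token is valid and unused, otherwise None."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        # No early exit: response timing must not reveal whether a token exists.
        match = None
        for stored in list(self._records):
            if hmac.compare_digest(stored, digest):
                match = stored
        if match is None:
            return None
        user_id, expires_at = self._records.pop(match)  # consume: single use
        if self._now() > expires_at:
            return None  # expired tokens are discarded, never reusable
        return user_id

def reuse_is_rejected():
    """First redemption succeeds, second fails: ('alice', None) on a fixed system."""
    store = ResetTokenStore()
    token = store.issue("alice")
    return store.redeem(token), store.redeem(token)

def expired_is_rejected():
    """A token presented after TOKEN_TTL_SECONDS has passed is refused (None)."""
    clock = [1_000.0]
    store = ResetTokenStore(now=lambda: clock[0])
    token = store.issue("bob")
    clock[0] += TOKEN_TTL_SECONDS + 1
    return store.redeem(token)
```

The same two checks (a second redemption fails, an expired token fails) are what to exercise against the real reset endpoint after upgrading.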
📡 Detection & Monitoring
Log Indicators:
- Multiple password reset attempts for the same user
- Password reset token reuse attempts
- Unusual password change patterns
Network Indicators:
- Multiple requests to password reset endpoints from the same source
- Unusual timing patterns in password reset requests
SIEM Query:
source="openeclass" AND (event="password_reset" OR event="password_change") | stats count by user, src_ip | where count > 2