CVE-2024-33856

An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint	Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center	Product
https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint	Vendor Advisory
https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center	Product

Configurations

Configuration 1 (hide)

cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*

History

18 Apr 2025, 12:39

Type	Values Removed	Values Added
CPE		cpe:2.3:a:logpoint:siem::::::::
References	~~() https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint -~~	() https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint - Vendor Advisory
References	~~() https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -~~	() https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center - Product
First Time		Logpoint Logpoint siem

21 Nov 2024, 09:17

Type	Values Removed	Values Added
References	~~() https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint -~~	() https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint -
References	~~() https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -~~	() https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center -

03 Jul 2024, 01:58

Type	Values Removed	Values Added
CWE		CWE-204
Summary		(es) Se descubrió un problema en Logpoint antes de 7.4.0. Un atacante puede enumerar una lista válida de nombres de usuario observando el tiempo de respuesta en el endpoint de Forgot Password.
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.3

07 May 2024, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-07 16:15

Updated : 2025-04-18 12:39

NVD link : CVE-2024-33856

Mitre link : CVE-2024-33856

CVE.ORG link : CVE-2024-33856

JSON object : View

Products Affected

logpoint

siem

CWE

CWE-204

Observable Response Discrepancy

{"id": "CVE-2024-33856", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-05-07T16:15:08.010", "references": [{"url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/articles/18533583876253-Username-enumeration-using-the-forget-password-endpoint", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://servicedesk.logpoint.com/hc/en-us/categories/200832975-Knowledge-Center", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Logpoint before 7.4.0. An attacker can enumerate a valid list of usernames by observing the response time at the Forgot Password endpoint."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Logpoint antes de 7.4.0. Un atacante puede enumerar una lista v\u00e1lida de nombres de usuario observando el tiempo de respuesta en el endpoint de Forgot Password."}], "lastModified": "2025-04-18T12:39:50.870", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logpoint:siem:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "38961EE7-E2D5-40AC-B736-C3CA4D5F4953", "versionEndExcluding": "7.4.0"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.3 /10