CVE-2024-39912

{"id": "CVE-2024-39912", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-07-15T20:15:03.693", "references": [{"url": "https://github.com/web-auth/webauthn-framework/commit/64de11f6cddc71e56c76e0cc4573bf94d02be045", "source": "security-advisories@github.com"}, {"url": "https://github.com/web-auth/webauthn-framework/security/advisories/GHSA-875x-g8p7-5w27", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-204"}]}], "descriptions": [{"lang": "en", "value": "web-auth/webauthn-lib is an open source set of PHP libraries and a Symfony bundle to allow developers to integrate that authentication mechanism into their web applications. The ProfileBasedRequestOptionsBuilder method returns allowedCredentials without any credentials if no username was found. When WebAuthn is used as the first or only authentication method, an attacker can enumerate usernames based on the absence of the `allowedCredentials` property in the assertion options response. This allows enumeration of valid or invalid usernames. By knowing which usernames are valid, attackers can focus their efforts on a smaller set of potential targets, increasing the efficiency and likelihood of successful attacks. This issue has been addressed in version 4.9.0 and all users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "web-auth/webauthn-lib es un conjunto de librer\u00edas PHP de c\u00f3digo abierto y un paquete Symfony para permitir a los desarrolladores integrar ese mecanismo de autenticaci\u00f3n en sus aplicaciones web. El m\u00e9todo ProfileBasedRequestOptionsBuilder devuelve AllowCredentials sin ninguna credencial si no se encontr\u00f3 ning\u00fan nombre de usuario. Cuando se utiliza WebAuthn como primer o \u00fanico m\u00e9todo de autenticaci\u00f3n, un atacante puede enumerar los nombres de usuario bas\u00e1ndose en la ausencia de la propiedad \"allowedCredentials\" en la respuesta de las opciones de aserci\u00f3n. Esto permite la enumeraci\u00f3n de nombres de usuario v\u00e1lidos o no v\u00e1lidos. Al saber qu\u00e9 nombres de usuario son v\u00e1lidos, los atacantes pueden centrar sus esfuerzos en un conjunto m\u00e1s peque\u00f1o de objetivos potenciales, aumentando la eficiencia y la probabilidad de ataques exitosos. Este problema se solucion\u00f3 en la versi\u00f3n 4.9.0 y se recomienda a todos los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2024-07-16T13:43:58.773", "sourceIdentifier": "security-advisories@github.com"}