CVE Catalog

CVE-2024-55374

MediumCVSS 5.3
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.24%

15th percentile - higher than 15% of all known CVEs

Summary

A vulnerability in REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy in login attempt responses.

Risk Assessment

An attacker can compile a list of valid usernames, facilitating brute-force or social engineering attacks against the system.

Recommendation

Update REDCap to the latest version and implement uniform login error messages to prevent distinguishing between existing and non-existing users.

Original NVD description (English source)

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS