CVE Catalog
CVE-2024-55374
MediumCVSS 5.3Exploitation Probability (EPSS)
Low risk0.24%
15th percentile - higher than 15% of all known CVEs
Summary
A vulnerability in REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy in login attempt responses.
Risk Assessment
An attacker can compile a list of valid usernames, facilitating brute-force or social engineering attacks against the system.
Recommendation
Update REDCap to the latest version and implement uniform login error messages to prevent distinguishing between existing and non-existing users.
Original NVD description (English source)
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

