Date: 30 April, 2024
Version: 1.0
Last update: Initial advisory
Severity: Low
Risks: Information disclosure
A user enumeration vulnerability has been identified in TheHive's authentication module. The flaw allows an attacker to determine which usernames are registered on the platform. It affects only instances that use local authentication.
When local authentication is enabled, the authentication process responds differently to a login attempt with an empty password depending on whether the submitted username belongs to an existing account. An attacker can use this difference in responses to confirm which user accounts exist.
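Added illustration, not TheHive's code (the advisory does not publish the affected code path); the user store, usernames and messages are constructed for the example. It shows a hypothetical login handler whose empty-password check runs after the user lookup and therefore answers differently for existing and non-existing accounts, beside a hardened version that validates input first, hashes a dummy record for unknown users and returns one generic failure message, with a small regression check that flags the differential response.

```python
import hashlib
import hmac

GENERIC_FAILURE = "Authentication failed"


def _pbkdf2(password: str, salt: bytes) -> bytes:
    # Same cost for every call, so known and unknown users take equal work.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


# Constructed in-memory user store for this example: username -> (salt, hash).
_SALT = b"constructed-example-salt"
USERS = {"alice": (_SALT, _pbkdf2("correct horse", _SALT))}
# Dummy record hashed for unknown usernames so they cost the same as real ones.
_DUMMY = (_SALT, _pbkdf2("dummy-placeholder", _SALT))


def login_vulnerable(username: str, password: str) -> str:
    """Hypothetical differential pattern: the empty-password check sits after
    the user lookup, so the two failure messages reveal whether the account
    exists even though no password was verified."""
    record = USERS.get(username)
    if record is None:
        return "User not found"              # only for unknown usernames
    if password == "":
        return "Password must not be empty"  # only for existing usernames
    salt, stored = record
    if hmac.compare_digest(_pbkdf2(password, salt), stored):
        return "OK"
    return GENERIC_FAILURE


def login_hardened(username: str, password: str) -> str:
    """Reject malformed input before any lookup, do the same hashing work for
    unknown users, and return one message for every failure."""
    if password == "":
        return GENERIC_FAILURE
    salt, stored = USERS.get(username, _DUMMY)
    ok = hmac.compare_digest(_pbkdf2(password, salt), stored)
    if username not in USERS or not ok:
        return GENERIC_FAILURE
    return "OK"


def reveals_user_existence(login) -> bool:
    """Regression check: does an empty-password attempt for a known user get a
    different response than the same attempt for an unknown user?"""
    return login("alice", "") != login("no-such-user", "")
```

`reveals_user_existence` is the kind of check worth keeping in a test suite after upgrading, since it catches the differential response independently of the exact message text.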
Affected Versions:
- TheHive versions 5.1.0 to 5.1.10
- TheHive versions 5.2.0 to 5.2.12
We recommend that all users upgrade to one of the following versions, which contain the fix for this vulnerability:
- TheHive version 5.2.13 or higher
- TheHive version 5.1.11 or higher
We extend our heartfelt thanks to Lap1nou (@lapinousexy) from Orange Cyberdefense for his responsible reporting of the vulnerability, in alignment with our Responsible Vulnerability Disclosure Policy. We are deeply appreciative of his contribution to enhancing the safety and integrity of our systems.
For further inquiries or assistance regarding this security notice:
- Existing customers are encouraged to contact our support service.
- Others may reach out via email at [email protected].