Description
userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
Published: 2026-05-23
Score: 9.3 Critical
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability in UserSpice 4.3.24 permits an unauthenticated attacker to discover which usernames exist in the system. By sending a POST request to existingUsernameCheck.php and examining the response for the string taken, an attacker can enumerate all valid accounts. This information can be used to launch credential‑guessing, phishing, or other targeted attacks. The flaw is a classic username‑enumeration weakness identified as CWE‑204.

Affected Systems

Affected systems are installations built with UserSpice version 4.3.24. The CNA data does not list other affected versions. Administrators should confirm whether the system runs this release and assess whether a patch or upgrade is required.

Risk and Exploitability

The CVSS score of 9.3 indicates a severe flaw, while no EPSS score is available and the vulnerability is not catalogued in CISA KEV. The likely attack vector is over the network via HTTP; the attacker requires no authentication, and enumeration can be automated by sending multiple POST requests to the endpoint. Because the response reveals whether a username is taken, the risk of subsequent attacks is high.

Generated by OpenCVE AI on May 23, 2026 at 19:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the vendor‑issued patch or upgrade to a newer UserSpice version that removes or secures the existingUsernameCheck.php endpoint.
  • Configure the web server to restrict access to existingUsernameCheck.php, such as limiting requests to trusted IP addresses or enforcing authentication.
  • Monitor traffic for repeated POST requests to the endpoint and set up alerts for suspicious enumeration attempts.

Generated by OpenCVE AI on May 23, 2026 at 19:23 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sat, 23 May 2026 18:45:00 +0000

Type Values Removed Values Added
Description userSpice 4.3.24 contains a username enumeration vulnerability that allows unauthenticated attackers to discover valid usernames by sending POST requests to the existingUsernameCheck.php endpoint. Attackers can submit usernames and analyze response text for the 'taken' string to identify existing accounts in the system.
Title userSpice 4.3.24 Username Enumeration via existingUsernameCheck.php
Weaknesses CWE-204
References
Metrics cvssV3_1

{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}

cvssV4_0

{'score': 9.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-23T18:30:51.228Z

Reserved: 2026-05-23T15:34:00.756Z

Link: CVE-2018-25350

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-23T19:30:25Z

Weaknesses