CVE-2024-57698
Published: 29 April 2025
Summary
CVE-2024-57698 is a high-severity Improper Preservation of Permissions (CWE-281) vulnerability in Modernwms Modernwms. Its CVSS base score is 7.5 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Account Discovery (T1087). The CVE is ranked in the top 41.0% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-12667
Vulnerability details
An issue in modernwms v.1.0 allows an attacker to view the MD5 hash of the administrator password and other attributes without authentication, even after initial configuration and password change. This happens due to excessive exposure of information and the lack of adequate access control on the /user/list?culture=en-us endpoint.
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Unauthenticated access to /user/list endpoint exposes user account details and MD5 password hashes, enabling account discovery (T1087) and access to unsecured credentials (T1552).
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Forces removal or modification of permissions no longer required after reassignment, preventing improper preservation of old access rights.