CVE-2024-45589

MEDIUM

RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 - Denial of Service via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-45589. PoCs published by BenRogozinski.

AI-analyzed exploit summary This repository contains a detailed technical writeup and functional proof-of-concept code for CVE-2024-45589, a denial-of-service vulnerability in RapidIdentity due to improper account lockout mechanisms. The author provides a Python script demonstrating how excessive authentication attempts can lock out legitimate users.

Description

RapidIdentity LTS through 2023.0.2 and Cloud through 2024.08.0 improperly restricts excessive authentication attempts and allows a remote attacker to cause a denial of service via the username parameters.

Exploits (1)

nomisec WRITEUP
by BenRogozinski · poc
https://github.com/BenRogozinski/CVE-2024-45589

This repository contains a detailed technical writeup and functional proof-of-concept code for CVE-2024-45589, a denial-of-service vulnerability in RapidIdentity due to improper account lockout mechanisms. The author provides a Python script demonstrating how excessive authentication attempts can lock out legitimate users.

Classification
Writeup 100%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: RapidIdentity LTS <= 2023.0.2, RapidIdentity Cloud <= 2024.08.0
No auth needed
Prerequisites: knowledge of target usernames
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Scores

CVSS v3 5.9
EPSS 0.0095
EPSS Percentile 56.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact partial

Details

CWE
CWE-307
Status published
Products (2)
identityautomation/rapididentity < 2023.0.2
identityautomation/rapididentity < 2024.08.0
Published Sep 05, 2024
Tracked Since Feb 18, 2026