CVE-2024-55374

MEDIUM

REDCap 14.3.13 - Username Enumeration via Login Discrepancy

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-55374. PoCs published by T3slaa.

AI-analyzed exploit summary: The repository describes a user enumeration vulnerability in REDCap 14.3.13, where distinct error messages allow attackers to infer valid user existence via brute-force HTTP authentication requests. The protection mechanism is bypassed due to its behavior.

Description

REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.

Exploits (1)

nomisec WRITEUP
by T3slaa · poc
https://github.com/T3slaa/CVE-2024-55374

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: REDCap 14.3.13
No auth needed
Prerequisites: Network access to the REDCap application
devstral-2 · analyzed Feb 16, 2026

References (2)

Core References
Not Applicable
http://redcap.com

Scores

CVSS v3 5.3
EPSS 0.0025
EPSS Percentile 16.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-203
Status published
Products (1)
vanderbilt/redcap 14.3.13
Published Jan 02, 2026
Tracked Since Feb 18, 2026