Nagios XI Vulnerability Allows Unauthenticated Users to View Other User Details & Email 


Feb 24, 2025 - 08:31

A significant security vulnerability (CVE-2024-54961) has been identified in Nagios XI 2024R1.2.2, enabling unauthenticated attackers to retrieve sensitive user information, including usernames and email addresses.

This flaw, classified as an information disclosure vulnerability (CWE-200), exposes organizational user directories to potential misuse in phishing campaigns or credential-stuffing attacks.

Nagios XI Vulnerability

The vulnerability resides in improper access controls for multiple administrative endpoints. Unauthenticated requests to pages such as /nagiosxi/admin/userpreferences.php and /nagiosxi/includes/ajax/notification-handlers.inc.php return JSON payloads containing user metadata. 

Attackers can exploit this by sending simple, unauthenticated HTTP GET requests to these endpoints; the server responds with structured JSON data.

This bypasses Nagios XI’s session validation mechanisms, which erroneously treat these endpoints as public resources. 

As of February 2025, no active exploits have been observed, but the simplicity of this attack vector necessitates urgent remediation.

Impact and Exploitation Scenarios

Compromised email addresses and usernames provide attackers with reconnaissance data to:

  • Launch targeted phishing campaigns leveraging Nagios-themed lures.
  • Brute-force credentials for privileged accounts (e.g., nagiosadmin).
  • Cross-reference data with password dumps for credential-stuffing attacks.

The vulnerability is particularly critical in multi-tenant deployments, where user lists may include external clients or third-party integrators.

Mitigation and Response

Nagios Enterprises has addressed this flaw in subsequent releases. Administrators must:

  • Immediately upgrade to Nagios XI 2024R1.2.3 or later.
  • Audit user accounts for anomalous activity using grep 'Failed login' /usr/local/nagiosxi/var/auth.log.
  • Implement network-level controls to restrict access to /nagiosxi/admin/ paths from untrusted networks.
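As an added example (not from the article or from Nagios), the following Python script supports the audit and network-control steps above: it scans web server access logs for successful hits on the two disclosed endpoints coming from addresses outside a trusted range. The Apache combined log format, the trusted networks and the sample log lines are assumptions constructed for this example.

```python
import ipaddress
import re
from typing import Iterable

# Endpoints named in the advisory for CVE-2024-54961.
SENSITIVE_PATHS = (
    "/nagiosxi/admin/userpreferences.php",
    "/nagiosxi/includes/ajax/notification-handlers.inc.php",
)

# Networks allowed to reach /nagiosxi/admin/ (constructed for this example).
TRUSTED_NETS = [ipaddress.ip_network("10.0.0.0/8"), ipaddress.ip_network("192.168.1.0/24")]

# Apache "combined" log format (assumed; adjust the regex for a custom LogFormat).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)

def is_trusted(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_NETS)

def flag_disclosure_hits(lines: Iterable[str]) -> list[dict]:
    """Return 2xx hits on the disclosed endpoints from untrusted source addresses.
    A 2xx from outside the trusted range is worth a closer look: a patched server
    should redirect unauthenticated clients to the login page instead."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not match the expected format
        path = m["path"].split("?", 1)[0]  # ignore any query string
        if path not in SENSITIVE_PATHS:
            continue
        if m["status"].startswith("2") and not is_trusted(m["ip"]):
            hits.append({"ip": m["ip"], "ts": m["ts"], "path": path, "status": int(m["status"])})
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [24/Feb/2025:08:31:00 +0000] "GET /nagiosxi/admin/userpreferences.php HTTP/1.1" 200 512 "-" "curl/8.5.0"',
    '10.0.0.5 - - [24/Feb/2025:08:31:05 +0000] "GET /nagiosxi/admin/userpreferences.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [24/Feb/2025:08:32:10 +0000] "GET /nagiosxi/includes/ajax/notification-handlers.inc.php?_=1708763530 HTTP/1.1" 200 2048 "-" "python-requests/2.31"',
    '198.51.100.9 - - [24/Feb/2025:08:32:11 +0000] "GET /nagiosxi/admin/userpreferences.php HTTP/1.1" 302 0 "-" "python-requests/2.31"',
    '203.0.113.7 - - [24/Feb/2025:08:33:00 +0000] "GET /nagiosxi/index.php HTTP/1.1" 200 9000 "-" "curl/8.5.0"',
]

if __name__ == "__main__":
    for hit in flag_disclosure_hits(SAMPLE_LOG):
        print(hit)
```

Only the first and third sample lines are flagged: the second comes from a trusted network, the fourth is a redirect (the expected post-patch response), and the fifth is not one of the disclosed endpoints.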

This incident follows a pattern of access control failures in Nagios XI, including past vulnerabilities like CVE-2021-25296 (RCE via WMI wizard) and CVE-2018-15708 (privilege escalation). 

The recurrence highlights the importance of rigorous endpoint testing in monitoring platforms that manage critical infrastructure credentials.


The post Nagios XI Vulnerability Allows Unauthenticated Users to View Other User Details & Email  appeared first on Cyber Security News.