Open eClass is Vulnerable to Username Enumeration via Login Response...

5.3 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Description

The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been patched in version 4.2.

Basic Information

ID CVE-2026-24664

Source GitHub_M

Published Feb 3, 2026 at 16:56

Affected Product

Vendor gunet

Product openeclass

Version < 4.2

Affected Versions gunet openeclass < 4.2

CWE Classification

CWE-204

References

github.com /gunet/openeclass/security/advisories/GHSA-c3wq-m629-5h2j

{
    "lastseen": "",
    "description": "The Open eClass platform (formerly known as GUnet eClass) is a complete course management system. Prior to version 4.2, a username enumeration vulnerability allows unauthenticated attackers to identify valid user accounts by analyzing differences in the login response behavior. This issue has been patched in version 4.2.",
    "published": "2026-02-03T16:56:07.167Z",
    "modified": "2026-02-03T16:56:07.167Z",
    "type": "cve",
    "title": "Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies",
    "source": "GitHub_M",
    "references": "https://github.com/gunet/openeclass/security/advisories/GHSA-c3wq-m629-5h2j",
    "id": "CVE-2026-24664",
    "bulletinFamily": "",
    "cwe": [
        "CWE-204"
    ],
    "cvelist": null,
    "sourceData": "gunet openeclass < 4.2",
    "sourceHref": "",
    "cvss": {
        "score": 5.3,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "openeclass",
    "version": "< 4.2",
    "vendor": "gunet",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Open eClass is Vulnerable to Username Enumeration via Login Response Discrepancies_CVE-2026-24664