CVE-2022-31478: ILIAS LMS UserTakeOver < 4.0.1 Vulnerability - BCK Security Inc - Medium
The UserTakeOver plugin before 4.0.1 for ILIAS allows an attacker to list all users via the search function.
While performing security testing on the ILIAS Learning Management System with the UserTakeOver plugin enabled, I noticed that a regular user was able to use the search function to enumerate all users on the system. This is predicated on the user having knowledge of the UserTakeOver search’s URL:
/ilias.php?cmd=search&cmdClass=ilusertakeovermaingui&cmdNode=<SITE SPECIFIC>&baseClass=iluipluginroutergui&q=
This has been fixed in version 4.0.1, but I couldn't find any disclosure or advisory for it.
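As an added example (not code from the original post or from the plugin project), the following Python script hunts web-server access logs for repeated hits on the search endpoint quoted above, which is the trace an enumeration run leaves behind. The log lines are constructed, and the Apache/nginx combined-log layout and the cmdNode placeholder are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlparse, parse_qs

# Apache/nginx "combined" access-log layout (assumed).
COMBINED = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def is_usertakeover_search(path: str) -> bool:
    """True if the request hits the UserTakeOver search action.

    Matches the URL shape from the advisory: cmd=search with
    cmdClass=ilusertakeovermaingui on ilias.php. cmdNode is site
    specific, so it is not matched; names are compared case-insensitively.
    """
    url = urlparse(path)
    if not url.path.endswith("/ilias.php"):
        return False
    qs = {k.lower(): v[0].lower() for k, v in parse_qs(url.query).items()}
    return qs.get("cmd") == "search" and qs.get("cmdclass") == "ilusertakeovermaingui"


def hunt(lines, threshold=2):
    """Return {client_ip: hits} for clients with at least `threshold` search hits.

    Several searches from one client with different q= values in quick
    succession is the pattern to review, especially on installs < 4.0.1.
    """
    hits = Counter()
    for line in lines:
        m = COMBINED.match(line)
        if m and is_usertakeover_search(m["path"]):
            hits[m["ip"]] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}


# Constructed sample lines, not real traffic; the cmdNode value is a placeholder.
EP = "/ilias.php?cmd=search&cmdClass=ilusertakeovermaingui&cmdNode=XX:YY&baseClass=iluipluginroutergui&q="
SAMPLE_LOG = [
    f'10.0.0.5 - - [01/Jun/2022:10:00:01 +0000] "GET {EP}a HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    f'10.0.0.5 - - [01/Jun/2022:10:00:02 +0000] "GET {EP}b HTTP/1.1" 200 4871 "-" "Mozilla/5.0"',
    f'10.0.0.5 - - [01/Jun/2022:10:00:03 +0000] "GET {EP}c HTTP/1.1" 200 4602 "-" "Mozilla/5.0"',
    f'10.0.0.9 - - [01/Jun/2022:10:01:00 +0000] "GET {EP}x HTTP/1.1" 200 3310 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [01/Jun/2022:10:01:05 +0000] "GET /login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(hunt(SAMPLE_LOG))  # {'10.0.0.5': 3}
```

Correlating the flagged client IPs with ILIAS session data then tells you whether the requests came from an administrative account or an ordinary user.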
CVE-2022-31478
https://github.com/srsolutionsag/UserTakeOver