[Security][Critical Risk] WAPT-C-2: Default Admin Account Can Reappear #2 #91
Labels
security
Pull requests that address a security vulnerability
Comments
tostart-pickagreatname
added
the
security
tostart-pickagreatname
changed the title
|
Could not reproduce in |
|
Cannot reproduce in the container. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Vulnerability Summary
Testers discovered a scenario in which it is possible to reenable the default admin account even if the password is changed.
Analysis of the Attack
The tester followed these steps to produce this issue:
o Set up the environment via the docker process
o Authenticate to the Portal
o Create a new Admin
o Log out of the default admin and log into the new Admin account o Change the password and delete the default admin account
o Log out of the application
o Try to log into the app with the default admin account -- note that this no longer works
because we changed the password (unlike WAPT-C-1)
o Log in with the new (non-default) admin account
o Demote the role to "Staff"
o Log out
o Try to log into the app with the default admin account -- note that this now reenables the
deleted admin account
The text was updated successfully, but these errors were encountered: