
Authentication mechanism absence or evasion - Admin Console

Description

Some functions of the application can be reached without being logged in to the server. Some of them only allow viewing data; others allow editing some values.

Impact

  • List confidential information in the application.
  • Edit information in the application.

Recommendation

Require authentication for every resource that is currently reachable without it.

Threat

Unauthorized user from internal network.

Expected Remediation Time

⌚ 60 minutes.

Score

Default score using CVSS 3.1. It may change depending on the context of the vulnerability.

Base

  • Attack vector: A
  • Attack complexity: L
  • Privileges required: N
  • User interaction: N
  • Scope: U
  • Confidentiality: L
  • Integrity: L
  • Availability: N

Temporal

  • Exploit code maturity: X
  • Remediation level: X
  • Report confidence: X

Result

  • Vector string: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N/E:X/RL:X/RC:X
  • Score:
    • Base: 5.4
    • Temporal: 5.4
  • Severity:
    • Base: Medium
    • Temporal: Medium

Code Examples

Compliant code

Sensitive resources are restricted from being accessed by unauthorized users. The authentication middleware (hashedSentCode) runs before the handler, and the privilege check relies on server-side state, not on fields supplied by the client.

app.post('/accessAdmin', hashedSentCode, function (req, res, next) {
  User.register({ _id: req.user.id }, req.body, function (err, user) {
    if (err) {
      return next(err);
    }
    // Validating that the user was authenticated by the middleware
    // (req.user is set server-side) and holds admin privileges
    if (req.user && user.isAdmin) {
      user.allowAccess = true;
    }
    res.redirect('/profile/consoleManager');
  });
});

Non-compliant code

The application allows access to sensitive data without requiring user credentials: the route has no authentication middleware and the handler grants access unconditionally.

app.post('/accessAdmin', function (req, res, next) {
  User.register({ _id: req.user.id }, req.body, function (err, user) {
    // Allowing access to system files without verifying if the user is logged in
    user.allowAccess = true;
    res.redirect('/profile/consoleManager');
  });
});
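The following added example (not code from the original page) shows the control the compliant snippet depends on: an Express-style middleware chain in which the authentication decision comes from a server-side session store, so a client cannot grant itself access by sending a flag such as isLoggedIn in the request body. The sessions object and runChain helper are constructed stand-ins for a real session store and router.

```javascript
// Added example: server-side authentication and authorization for the admin
// console route. `sessions` is a constructed in-memory stand-in for a real
// session store; in production the session ID would come from a signed cookie
// and the store would be a database or cache.
const sessions = {
  'sess-admin':  { userId: 'u1', isAdmin: true  },
  'sess-viewer': { userId: 'u2', isAdmin: false },
};

// Reject any request whose session ID is missing or unknown. The decision is
// based only on server-side state, never on fields the client sends in the body.
function requireAuth(req, res, next) {
  const session = sessions[req.cookies && req.cookies.sid];
  if (!session) {
    return res.status(401).json({ error: 'authentication required' });
  }
  req.user = { id: session.userId, isAdmin: session.isAdmin };
  next();
}

// Authorization runs after authentication and uses the identity set above.
function requireAdmin(req, res, next) {
  if (!req.user || !req.user.isAdmin) {
    return res.status(403).json({ error: 'admin privileges required' });
  }
  next();
}

// The handler is reached only after both checks pass.
function accessAdmin(req, res) {
  res.status(200).json({ redirect: '/profile/consoleManager' });
}

// Minimal constructed stand-in for an Express router so the chain runs offline.
function runChain(req, middlewares) {
  const res = {
    statusCode: 200,
    body: null,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
  let i = 0;
  const next = () => { if (i < middlewares.length) middlewares[i++](req, res, next); };
  next();
  return res;
}

const adminChain = [requireAuth, requireAdmin, accessAdmin];
```

A request with no valid session is refused with 401 even if its body claims isLoggedIn: true, an authenticated non-admin gets 403, and only a session the server marks as admin reaches the console.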

Requirements