[Bug] User priv escalation

Open ZerkerEOD opened this issue 4 years ago • 0 comments

Feature Request or Bug: Bug

Describe the feature request or bug: It seems a normal user can alter their privileges and upgrade to Administrator themselves.

To Reproduce: Steps to reproduce the behavior:

  1. Log in as a user.
  2. Select Users on the left.
  3. Click on your user.
  4. Select the dropdown for edit roles.
  5. Click Administrator and wait for a checkmark.
  6. Click on the screen anywhere to dismiss the dropdown.
  7. Click edit roles.
  8. Your user will be an administrator and show when you get back to list all users.

Expected behavior: A user should not be able to give themselves administrator roles.

Screenshots: I do not think this needs a screenshot since it is pretty straightforward and not a specific error being displayed during operation.

Covenant Server Information:

  • OS: Ubuntu 20.04.3
  • Docker or Native: Native

Browser Information:

  • Browser: Chrome
  • Version: Version 97.0.4692.99 (Official Build) (64-bit)

Target Information (System that implant is running on): Not Applicable

Additional context: No additional context

ZerkerEOD, Jan 26 '22 20:01
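
The check that the expected behavior calls for, sketched as an added example (not Covenant's code and not part of the original issue): a role change is authorized on the server against the authenticated caller's current roles, and a denied self-grant is written to an audit trail. The names `Account`, `RoleEditPolicy`, `TryGrant` and `Audit` are hypothetical, and the accounts are constructed sample data.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical types for illustration; these are not Covenant's classes.
public sealed record Account(string Name, HashSet<string> Roles);

public static class RoleEditPolicy
{
    public const string Admin = "Administrator";
    public static readonly List<string> Audit = new();

    // Server-side grant. `actor` must be resolved from the authenticated
    // session, never from a field the client submits with the request.
    public static bool TryGrant(Account actor, Account target, string role)
    {
        // Only a current Administrator may edit roles, so a normal user
        // cannot grant a role to anyone, including their own account.
        if (!actor.Roles.Contains(Admin))
        {
            string kind = actor.Name == target.Name ? "SELF-ESCALATION" : "UNAUTHORIZED";
            Audit.Add($"DENY {kind} actor={actor.Name} target={target.Name} role={role}");
            return false;
        }
        target.Roles.Add(role);
        Audit.Add($"ALLOW actor={actor.Name} target={target.Name} role={role}");
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed sample accounts.
        var admin = new Account("admin", new HashSet<string> { "User", RoleEditPolicy.Admin });
        var alice = new Account("alice", new HashSet<string> { "User" });

        // The reported case: a normal user picks Administrator for themselves.
        bool selfGrant = RoleEditPolicy.TryGrant(alice, alice, RoleEditPolicy.Admin);
        // The legitimate case: an administrator promotes that user.
        bool adminGrant = RoleEditPolicy.TryGrant(admin, alice, RoleEditPolicy.Admin);

        if (selfGrant || !adminGrant)
            throw new InvalidOperationException("role-edit policy regression");
        RoleEditPolicy.Audit.ForEach(Console.WriteLine);
    }
}
```

Hiding the role dropdown from non-administrators in the UI does not replace this check, because the request that applies the change can be sent without the UI.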