Menu
▾
▴
[Unity-idm-discuss] security issue for contents managers
|
From: Sander A. <sa....@fz...> - 2018-06-06 09:09:05
|
Hi Krzysztof, I found a security issue for contents manages. If a users has sys:AuthorizationRole Contents Manager, the user is able to "update" his privileges and set the sys:AuthorizationRole to System Manager. After a new login the user controls the whole system. IMHO the update of this attribute beyond the own role must be prohibit. Best regards, Sander -- Federated Systems and Data Juelich Supercomputing Centre phone: +49 2461 61 8847 fax: +49 2461 61 6656 email: sa....@fz... ----------------------------------------------------------------------- ----------------------------------------------------------------------- Forschungszentrum Juelich GmbH 52425 Juelich Sitz der Gesellschaft: Juelich Eingetragen im Handelsregister des Amtsgerichts Dueren Nr. HR B 3498 Vorsitzender des Aufsichtsrats: MinDir Dr. Karl Eugen Huthmacher Geschaeftsfuehrung: Prof. Dr.-Ing. Wolfgang Marquardt (Vorsitzender), Karsten Beneke (stellv. Vorsitzender), Prof. Dr.-Ing. Harald Bolt, Prof. Dr. Sebastian M. Schmidt ----------------------------------------------------------------------- ----------------------------------------------------------------------- |
