!!!!! Very Important Security bug

Question

PrzemekSkw opened this issue 3 years ago · comments

I have that app on my vpn server and everyone who login with github account can enter my panel and change my wireguard configs.
Regards

vx3r · Answer 1 · Wed Jul 28 2021 01:42:06 GMT+0800 (China Standard Time)

this is how oauth2 oidc works, not sure there is a way to limit users

Malik Al · Answer 2 · Wed Jul 28 2021 12:39:20 GMT+0800 (China Standard Time)

So it's become public server?

Przemek · Answer 3 · Wed Jul 28 2021 12:55:52 GMT+0800 (China Standard Time)

@malikshi Yes, every one who Has github account can login on my panel.

Malik Al · Answer 4 · Wed Jul 28 2021 13:02:40 GMT+0800 (China Standard Time)

Bad news to Low spec vps and limited bw.

Przemek · Answer 5 · Wed Jul 28 2021 14:52:11 GMT+0800 (China Standard Time)

Yes, I use nginx-proxy, but I don't think it's true that @vx3r says:

this is how oauth2 oidc works, not sure there is a way to limit users

There has to be way to secure that. That will be useless.
regards.

vx3r · Answer 6 · Thu Jul 29 2021 01:06:37 GMT+0800 (China Standard Time)

i suggest using nginx basic auth or a oauth server you control (self hosted gitlab for example)