
[Question] A security issue? #2008

Closed

Description

@o101010

Request Type

Question

Work Environment

| Question | Answer |
|---|---|
| OS version (server) | All |
| OS version (client) | All |
| Virtualized Env. | True / False |
| Dedicated RAM | XX GB |
| vCPU | 4 / 8 / 16 / 32 |
| TheHive version / git hash | 4.x, hash of the commit |
| Package Type | RPM, DEB, Docker, Binary, From source |
| Database | Cassandra / BerkeleyDB |
| Index type | Lucene / Elasticsearch |
| Attachments storage | Local, NFS, S3, HDFS |
| Browser type & version | If applicable |

Question

Hi.
Thank you for your amazing job on Cortex and TheHive. I'm excited by the next release of Cortex4, having seen the work on TheHive4.

During my work on TheHive4 (and Cortex3), I imagined a way to pass from one organization to another. In my opinion, it's a security issue that impacts confidentiality (and integrity).

Steps are pretty simple:

  1. Log in as orgAdmin
  2. Create a new user that is already in another organization
  3. Reset his password (or create an API key)
  4. Log off and log in with this new account
  5. You have access to the two organizations.

It's due to the fact that TheHive automatically links a login user across multiple organizations.
A way to mitigate this issue is to separate local passwords* on different organizations. For delegated authentication flows (AD, OAuth2, ...), this is not a problem because the password can't be reset by TheHive. But local authentication flows have priority by default.
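The behaviour the report describes (one local credential shared by every organization a login is linked to) next to the separation it proposes (a local credential per organization), as an added toy model in Python. This is illustration code written for this page, not TheHive's implementation; the `Directory`, `Admin` and `User` names and the two-organization scenario are invented for the example.

```python
"""Toy model of a multi-organization user directory.

Added example, not TheHive's code.  It shows why a shared local password lets
an admin of one organization reach another, and how per-organization
credentials confine a password reset to the admin's own organization.
"""
from __future__ import annotations

import hmac
from dataclasses import dataclass, field


class Forbidden(Exception):
    """Raised when an admin acts on a login outside their own organization."""


@dataclass
class Admin:
    login: str
    org: str


@dataclass
class User:
    login: str
    orgs: set[str] = field(default_factory=set)
    # One credential for the login, whatever organizations it is linked to
    # (the situation the report describes).  Real systems store hashes.
    shared_password: str | None = None
    # One credential per organization (the separation the report proposes).
    org_passwords: dict[str, str] = field(default_factory=dict)


class Directory:
    def __init__(self) -> None:
        self.users: dict[str, User] = {}

    def create_user(self, admin: Admin, login: str) -> User:
        """Creating a login that already exists links it to the admin's org."""
        user = self.users.setdefault(login, User(login))
        user.orgs.add(admin.org)
        return user

    def _check_admin(self, admin: Admin, user: User) -> None:
        # The only check in both variants: the admin's org must be one of the
        # user's orgs.  It does not stop an admin who linked the login himself.
        if admin.org not in user.orgs:
            raise Forbidden(f"{admin.login} is not an admin of an org {user.login} belongs to")

    # --- shared credential: a reset in one org also opens every other org ---
    def reset_shared_password(self, admin: Admin, login: str, new_password: str) -> None:
        user = self.users[login]
        self._check_admin(admin, user)
        user.shared_password = new_password

    def login_shared(self, login: str, password: str) -> set[str]:
        """Organizations reachable with the shared credential."""
        user = self.users.get(login)
        if user is None or user.shared_password is None:
            return set()
        if not hmac.compare_digest(user.shared_password, password):
            return set()
        return set(user.orgs)

    # --- per-org credential: the reset is confined to the admin's own org ---
    def reset_org_password(self, admin: Admin, login: str, new_password: str) -> None:
        user = self.users[login]
        self._check_admin(admin, user)
        user.org_passwords[admin.org] = new_password

    def login_scoped(self, login: str, password: str) -> set[str]:
        """Organizations whose own credential matches the supplied password."""
        user = self.users.get(login)
        if user is None:
            return set()
        return {org for org, pw in user.org_passwords.items() if hmac.compare_digest(pw, password)}


def demo() -> tuple[set[str], set[str]]:
    """Constructed scenario: carol belongs to orgA; bob, admin of orgB, links
    the same login into orgB and resets its password.  Returns the orgs bob's
    password opens under the shared model and under the scoped model."""
    d = Directory()
    alice, bob = Admin("alice", "orgA"), Admin("bob", "orgB")
    d.create_user(alice, "carol")
    d.reset_shared_password(alice, "carol", "carol-secret")
    d.reset_org_password(alice, "carol", "carol-secret")
    d.create_user(bob, "carol")                      # same login, second org
    d.reset_shared_password(bob, "carol", "bob-knows-this")
    d.reset_org_password(bob, "carol", "bob-knows-this")
    return (d.login_shared("carol", "bob-knows-this"),   # {"orgA", "orgB"}
            d.login_scoped("carol", "bob-knows-this"))   # {"orgB"}


if __name__ == "__main__":
    shared, scoped = demo()
    print("shared credential opens:", sorted(shared))
    print("per-org credential opens:", sorted(scoped))
```

The `_check_admin` gate is the same in both variants; what changes the outcome is where the credential lives. With a shared password, alice's orgA credential is silently replaced and bob's new value opens both organizations; with per-organization passwords, alice's orgA credential is untouched and bob's reset only ever yields orgB. An admin of an unrelated organization is still rejected by `Forbidden` in either model.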

Labels

TheHive4 (TheHive4 related issues), bug