[hackerone] Reduce WireGuard tunnel service permissions on Windows #37846

Closed
brave/brave-core
#23540
@diracdeltas

Test plan

  • Install Brave on Windows as administrator (so install goes to %PROGRAMFILES%). You should get a UAC prompt.
  • Open Brave
  • Log in to account.brave.com with an account that has VPN, or purchase VPN
  • Verify the WireGuard service was registered with Windows by opening up services.msc. The name will be like Brave Vpn Wireguard Service (BraveVpnWireguardService) / Brave Beta Vpn Wireguard Service (BraveBetaVpnWireguardService) / Brave Nightly Vpn Wireguard Service (BraveNightlyVpnWireguardService)
  • Use the VPN menu in Brave and pick a server (ex: Canada)
  • Connect to VPN
  • Visit https://whatismyipaddress.com/ and verify you are in the region picked
  • Disconnect VPN
  • Pick another region (ex: Germany)
  • Connect to VPN
  • Visit https://whatismyipaddress.com/ and verify you are in the region picked
  • Disconnect VPN

Description

Originally reported at https://hackerone.com/reports/2473183 by newfunction.

Suggested fix - https://bravesoftware.slack.com/archives/C6R461GF4/p1713994125371129?thread_ts=1713731727.148139&cid=C6R461GF4
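A scripted companion to the services.msc step in the test plan, added here as an example and not taken from the issue or from brave-core: it checks that each service named above is registered and lists the allow ACEs on its security descriptor that grant modify-level rights to anyone other than SYSTEM or Administrators. Which rights and which principals count as worth reviewing is an assumption of this example; the issue does not state the intended DACL.

```powershell
# Service names are the three listed in the test plan.
$names = 'BraveVpnWireguardService',
         'BraveBetaVpnWireguardService',
         'BraveNightlyVpnWireguardService'

# Access-mask bits that let a caller reconfigure, delete or re-permission a service.
# Assumption: this set is this example's choice, not taken from the issue.
$review = [ordered]@{
    SERVICE_CHANGE_CONFIG = 0x00000002
    DELETE                = 0x00010000
    WRITE_DAC             = 0x00040000
    WRITE_OWNER           = 0x00080000
    GENERIC_ALL           = 0x10000000
    GENERIC_WRITE         = 0x40000000
}

# Assumption: only LocalSystem and BUILTIN\Administrators should hold those rights.
$trusted = 'S-1-5-18', 'S-1-5-32-544'

foreach ($name in $names) {
    if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) {
        Write-Output "$name : not registered"
        continue
    }

    # sc.exe sdshow prints the service security descriptor in SDDL form.
    $sddl = (& sc.exe sdshow $name | Where-Object { $_ -match '^[ODGS]:' }) -join ''
    if (-not $sddl) {
        Write-Output "$name : could not read security descriptor"
        continue
    }
    Write-Output "$name : $sddl"

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor($sddl)
    foreach ($ace in $sd.DiscretionaryAcl) {
        if ($ace.AceType -ne [System.Security.AccessControl.AceType]::AccessAllowed) { continue }
        if ($trusted -contains $ace.SecurityIdentifier.Value) { continue }

        # Names of the reviewed rights present in this ACE's access mask.
        $hits = $review.Keys | Where-Object { $ace.AccessMask -band $review[$_] }
        if ($hits) {
            Write-Output ("  REVIEW {0} : {1}" -f $ace.SecurityIdentifier.Value, ($hits -join ', '))
        }
    }
}
```

Run it before and after updating to a build that contains the fix and compare the REVIEW lines for the installed channel.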
