You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hello,
I identified several security issues related to the implemented SSO approach that need to be addressed:
Hard-Coded Credentials
I found hard-coded secret keys in the code base:
Issue:
Secret keys should never be hard-coded. They should be stored securely in plugin settings.
If you need to change the secret key (e.g., for security reasons or rotation), all existing users will lose access to the service with the old key.
Recommendation:
Store the secret key as a configurable setting within the plugin.
Single Secret Key Usage
Using a single hard-coded secret key for all users and systems is insecure, especially with the current SSO mechanism. It could be exploited to overload the system. For example, a simple script could create thousands or even millions of users, potentially crashing the database if rate-limiting isn't in place.
Recommendation:
Implement individual keys per user or system and add rate-limiting mechanisms to prevent abuse.
Unauthorized Access via SSO
With the current SSO implementation, it’s possible to access the system using any email address, even without ownership. For instance, knowing an admin or manager's email could allow unauthorized access by simulating SSO redirect.
Recommendation:
Implement a robust registration logic where users generate a personal key and configure their LMS URL.
Use secure SSO methods like OAuth2, OpenID Connect, or at least JWT (JSON Web Tokens) for authentication.
The text was updated successfully, but these errors were encountered:
Hello,
I identified several security issues related to the implemented SSO approach that need to be addressed:
I found hard-coded secret keys in the code base:
Issue:
Secret keys should never be hard-coded. They should be stored securely in plugin settings.
If you need to change the secret key (e.g., for security reasons or rotation), all existing users will lose access to the service with the old key.
Recommendation:
Store the secret key as a configurable setting within the plugin.
Using a single hard-coded secret key for all users and systems is insecure, especially with the current SSO mechanism. It could be exploited to overload the system. For example, a simple script could create thousands or even millions of users, potentially crashing the database if rate-limiting isn't in place.
Recommendation:
Implement individual keys per user or system and add rate-limiting mechanisms to prevent abuse.
With the current SSO implementation, it’s possible to access the system using any email address, even without ownership. For instance, knowing an admin or manager's email could allow unauthorized access by simulating SSO redirect.
Recommendation:
The text was updated successfully, but these errors were encountered: