[userTypeFix]: Privilege Escalation through login mutation Response Interception #2103
Labels: bug (Something isn't working), feature request, security (Security fix), unapproved (Unapproved for Pull Request), userTypeFix
Describe the bug
In the Talawa Admin dashboard, intercepting and modifying the response to the login mutation can escalate privileges. Specifically, changing the isSuperAdmin value to true in the intercepted response grants super admin privileges to the user. This issue poses a significant security risk, allowing unauthorized access to super admin functionalities.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
The application should securely validate user privileges on the server side, preventing the escalation of privileges through client-side manipulation.
Screenshots
Burp.Suite.Professional.v2023.12.1.2.-.Temporary.Project.-.Licensed.to.Zer0DayLab.Crew.2024-03-27.00-29-35.mp4
Additional details
Add any other context or screenshots about the feature request here.
Potential internship candidates
Please read this if you are planning to apply for a Palisadoes Foundation internship PalisadoesFoundation/talawa#359