Broken Authentication (Unauthorized partial access to admin panel) #762
In the application, the administrator can create user groups and also apply security policies (permissions) to them, applicable to all members of the group.
One of the policies is the user group permission to the "admin panel". Unfortunately, this doesn't work as expected. A normal user belonging to the
Steps to reproduce:
In order to reproduce again, log in with a valid user credential that has access to the admin panel, and then log out.
I have tried to reproduce this issue and it seems like there is no such issue.
I have tried to log in to the admin panel using the credentials of a non-admin user; the system did not allow it.
Awaiting feedback.
I tried reproducing the issue from my other machine and failed to do so.
Anyhow, I am still able to reproduce the original issue from my same machine and have recorded a video POC for the same. Not sure what's causing the problem.
Will try doing my research on it.