See D20663. Currently, an attacker who gains control of an administrator account can customize messages in Auth → Customize Messages even if the auth configuration has been locked with bin/auth lock.
This isn't catastrophic, but the lock should probably cover these messages too, since there are a lot of plausible ways that this attacker can do social-engineering-flavored attacks like replacing the login screen with:
You've won a hog!!! Click [[ http://evil.com/phishing-page.jsp | here ]] and log in to claim your prize!!!! <... 9000 newlines to hide the rest of the page way below the fold ...>
This isn't quite on the same level as "the NSA secretly invented new prime numbers", but extending the lock generally improves consistency in our approach.