[Security] Any user can edit RemoteApps #7

Open
sashaqwert opened this issue Jun 2, 2021 · 2 comments

@sashaqwert

I have several accounts without administrator rights. Some of these accounts do not have RDP access and have a very simple password.

I decided to try to log into the Web interface under such an account and was able to edit the RemoteApp list (as if I were an administrator).


Please add a check for user rights so that users without administrator rights can only download RDP files and use the WEB channel.

@kimmknight
Owner

Correct. The authentication does not check the user's group membership.

This most certainly needs to go on the todo list!

Ideally, I'd like it to check whether the user is a member of either:

Administrators
Remote Desktop Users

@boyfromgermany

> Correct. The authentication does not check the user's group membership.
>
> This most certainly needs to go on the todo list!
>
> Ideally, I'd like it to check whether the user is a member of either:
>
> Administrators
> Remote Desktop Users

Please allow specifying a separate group.
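
An added example, not part of the original thread and not RAWeb's own code: one way to implement the group check discussed above, assuming an ASP.NET application that uses Windows authentication so each request carries a `WindowsPrincipal`. The names `RemoteAppAuthz`, `AppAction` and `extraGroup` are hypothetical, and the split between admin-only editing and member-level read access is an assumption drawn from the requests in this issue.

```csharp
using System;
using System.Security.Principal;

// Added example; RemoteAppAuthz, AppAction and extraGroup are hypothetical names.
public enum AppAction { DownloadRdpFile, UseWebChannel, EditRemoteApps }

public static class RemoteAppAuthz
{
    // Well-known SIDs rather than group names, so the check also works on
    // localized Windows installs where the built-in groups are renamed.
    static readonly SecurityIdentifier Admins =
        new SecurityIdentifier(WellKnownSidType.BuiltinAdministratorsSid, null);
    static readonly SecurityIdentifier RdpUsers =
        new SecurityIdentifier(WellKnownSidType.BuiltinRemoteDesktopUsersSid, null);

    // extraGroup: optional "DOMAIN\Group" name read from configuration (assumption).
    public static bool IsAllowed(WindowsPrincipal user, AppAction action, string extraGroup = null)
    {
        // Being authenticated is necessary but not sufficient.
        if (user == null || !user.Identity.IsAuthenticated) return false;

        bool isAdmin = user.IsInRole(Admins);
        bool mayConnect = isAdmin || user.IsInRole(RdpUsers)
            || (!string.IsNullOrEmpty(extraGroup) && user.IsInRole(extraGroup));

        switch (action)
        {
            case AppAction.EditRemoteApps:
                return isAdmin;          // managing the RemoteApp list is admin-only
            case AppAction.DownloadRdpFile:
            case AppAction.UseWebChannel:
                return mayConnect;       // read-only use for permitted groups
            default:
                return false;            // unknown actions are denied
        }
    }

    public static void Main()
    {
        // Stand-alone demo against the current process token; in a web app the
        // principal would come from the authenticated request instead.
        var user = new WindowsPrincipal(WindowsIdentity.GetCurrent());
        foreach (AppAction a in Enum.GetValues(typeof(AppAction)))
            Console.WriteLine("{0}: {1}", a, IsAllowed(user, a));
    }
}
```

The check belongs on the server side of every request that changes the RemoteApp list, not only on the page that renders the edit form.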
