Users should not have access to view all machine IDs on web UI #11

Snuupy · 2024-09-07T07:43:52Z

Describe the bug

Currently users can view all machine IDs even if they should not have access to them. Although machines are protected with passwords, this still exposes metadata that should not be exposed, leaking information (though hopefully your users are not your adversaries!)

This also applies to the groups tab in the rustdesk app.

Describe the environment

Not relevant, but docker compose, latest

How to Reproduce the bug
Steps to reproduce the behavior:

create a normal non-admin user
browse devices page, see all devices listed

Expected behavior

only devices for that individual user should be listed if they are not an admin

Additional context

N/A

Notes

Please write in english only. If you provide some images in different languages, you're required to write a translation in english.
In any case, NEVER put here the content if your id_ed25519 file

The text was updated successfully, but these errors were encountered:

Snuupy added the bug Something isn't working label Sep 7, 2024

Snuupy mentioned this issue Sep 7, 2024

users without permissions should not be able to see a list of all devices #9

Closed

eltorio added the good first issue Good for newcomers label Sep 7, 2024

aeltorio transferred this issue from sctg-development/sctgdesk-server Sep 7, 2024

aeltorio added enhancement New feature or request and removed bug Something isn't working labels Sep 7, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Users should not have access to view all machine IDs on web UI #11

Users should not have access to view all machine IDs on web UI #11

Snuupy commented Sep 7, 2024 •

edited

Loading

Users should not have access to view all machine IDs on web UI #11

Users should not have access to view all machine IDs on web UI #11

Comments

Snuupy commented Sep 7, 2024 • edited Loading

Snuupy commented Sep 7, 2024 •

edited

Loading