Security Bug - Any token can be used to append to the logfile (No Authentication Check)
Description
We can create a log file using a particular token but next time while writing to the logfile there is no authentication check , any token can be used to write to the logfile and during logread only the last token used can give us the entries (but only the entries appended by that token!). Therefore the original creator of the logfile cannot access the logfile and also the integrity of the logfile is compromised.
Input Provided and Output Obtained
As we can see above, for same logfile (log1 in this case) and with different tokens (secret in first case and password in second) we can append log entries (there is no authentication check) to the logfile which is a clear violation of token based authentication .
Also as depicted in the above image, the user with original token is not able to use logread functionality and only the last token can be used for logread functionality (which only consider the entries appended by that token ) . So eventually the access of the original user is lost and integrity of the logfile is compromised due to authentication bypass.
Expected Output
For any token other than the correct original token (which is used while creating the logfile) must result in an authentication check failed error and without knowing the token , no one should be able to write to the logfile. Also, both logread and logappend functionality should be accessible if someone uses the correct original token.
Functionality Targeted as part of the test-case.
Authentication and Logfile Integrity
Bug Type: Security Bug
Concerned Group : Group-10
Reported by : Pranjal (21110160)
Security Bug - Any token can be used to append to the logfile (No Authentication Check)
Description
We can create a log file using a particular token but next time while writing to the logfile there is no authentication check , any token can be used to write to the logfile and during logread only the last token used can give us the entries (but only the entries appended by that token!). Therefore the original creator of the logfile cannot access the logfile and also the integrity of the logfile is compromised.
Input Provided and Output Obtained
As we can see above, for same logfile (log1 in this case) and with different tokens (secret in first case and password in second) we can append log entries (there is no authentication check) to the logfile which is a clear violation of token based authentication .
Also as depicted in the above image, the user with original token is not able to use logread functionality and only the last token can be used for logread functionality (which only consider the entries appended by that token ) . So eventually the access of the original user is lost and integrity of the logfile is compromised due to authentication bypass.
Expected Output
For any token other than the correct original token (which is used while creating the logfile) must result in an authentication check failed error and without knowing the token , no one should be able to write to the logfile. Also, both logread and logappend functionality should be accessible if someone uses the correct original token.
Functionality Targeted as part of the test-case.
Authentication and Logfile Integrity
Bug Type: Security Bug Concerned Group : Group-10 Reported by : Pranjal (21110160)