VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios
1.36k
stars
161
forks
source link
API authorization fail with MFA-enabled account #157
2. Enable MFA on the account which created the API key (register a TOTP token).
3. Verify that you can log in VECTR with the account (logout, login)
4. Run the same curl query again with curl and you get and HTTP 401:
**Expected behavior**
The second query, with MFA enabled, should return the same result as the first one (MFA checks do not apply to API).
**Screenshots**
N/A
**Desktop**
- OS: Linux
- Curl
**Server**
Freshly updated with the latest release in 8.1.2
carlvonderheid
commented
2 years ago
Describe the bug Accessing the graphQL API with an API key tied to a user that has MFA enabled fails with an HTTP 401 error (unauthorized).
To Reproduce Steps to reproduce the behavior:
{"data":{"__schema":{"types":[{"name":"AlertSeverityValue"} [snip]
$ curl -k -i -X $'POST' \ -H 'Authorization: VEC1 M[snip]G:W[snip]=' -H 'Content-Type: application/json' \ -d $'{\"query\":\"query {__schema {types {name}}}\"}' https://[snip]/sra-purpletools-rest/graphql HTTP/1.1 401 Strict-Transport-Security: max-age=31536000 X-Frame-Options: DENY X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block Expires: Wed, 27 Jun 2012 05:15:00 GMT Last-Modified: Tue, 14 Dec 2021 16:13:30 GMT Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0 Date: Tue, 14 Dec 2021 16:13:31 GMT Content-Length: 0