SecurityRiskAdvisors / VECTR

VECTR is a tool that facilitates tracking of your red and blue team testing activities to measure detection and prevention capabilities across different attack scenarios

Login redirects to "sravectr.internal" causing error #254

Closed leandrorius closed 5 months ago

leandrorius commented 5 months ago

Describe the bug

Using a VECTR instance with an internal DNS entry (ex: vectr.mycompany.com) causes errors while trying to login with an invalid user or password, or login with MFA enabled, or first-time access password changes. Everything works fine until the submit of user and password. After the submit in any of the situations mentioned, the user is redirected from vectr.mycompany.com to sravectr.internal, causing a name resolution failure. When accessing with a valid user, valid password and no MFA enabled, this error does not happen. The user is redirected to the VECTR main page correctly.

Here's the .env used:

# .env file

APP_NAME=VECTR

# VECTR_HOSTNAME=sravectr.internal
VECTR_HOSTNAME=vectr.mycompany.com
VECTR_PORT=8081

# defaults to warn, debug useful for development
VECTR_CONTAINER_LOG_LEVEL=WARN

# If you supply a username:password in the URL, it will get overridden by MONGO_INITDB_ROOT_USERNAME and MONGO_INITDB_ROOT_PASSWORD
MONGO_URL=mongodb://vectr-mongo:27017/?authSource=admin

# MongoDB authentication username
MONGO_INITDB_ROOT_USERNAME=admin

# Change and store in a safe place
MONGO_INITDB_ROOT_PASSWORD=XXXXXXXXXXXX

# PLEASE change this and store it in a safe place.  Encrypted data like passwords
# to integrate with external systems (like TAXII) use this key
VECTR_DATA_KEY=XXXXXXXXXXXXXXX

# JWT signing (JWS) and encryption (JWE) keys
# Do not use the same value for both signing and encryption!
# It is recommended to use at least 16 characters. You may use any printable unicode character
# PLEASE change these example values!
JWS_KEY=XXXXXXXXXXXXXXXXX
JWE_KEY=XXXXXXXXXXXXXXXXX

# This sets the name of your project.  Will show up in the name of your containers.
COMPOSE_PROJECT_NAME=sandbox1

# This is where the mongodb mounts.
VECTR_DATA_DIR=/var/data/

To Reproduce

Steps to reproduce the behavior:

  1. Go to login page using DNS name for the system (i.e. vectr.mycompany.com)
  2. Try to login with an invalid user or password
  3. See error

Expected behavior

The user should stay on vectr.mycompany.com and receive an "invalid username or password" error instead of being redirected to sravectr.internal

Additional context

When I add sravectr.internal to my hosts file pointing to the VECTR server IP, the problem is worked around.

SRAPSpencer commented 5 months ago

Hm, thanks for reporting this. Can you try adding

VECTR_EXTERNAL_HOSTNAME=

to your .env file with the same setting as VECTR_HOSTNAME and see if that resolves the issue?

leandrorius commented 5 months ago

@SRAPSpencer Your suggestion worked perfectly! I've just added VECTR_EXTERNAL_HOSTNAME=vectr.mycompany.com to .env file (keeping VECTR_HOSTNAME as well), restarted docker, and the problem is solved.

Awesome, thank you!
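
A pre-deployment check for the condition resolved in this thread, as an added example that is not part of the original discussion or of VECTR's own tooling: it reads a .env file and reports whether VECTR_EXTERNAL_HOSTNAME is set and matches VECTR_HOSTNAME. The function names `env_value` and `check_vectr_env`, the exit codes, and the sample file are constructed for illustration; treating the last assignment of a key as the effective one is an assumption.

```shell
#!/bin/sh
# Added example, not VECTR code: lint a VECTR .env file for the two
# hostname settings discussed in this thread.

# env_value FILE KEY -> print the effective value of KEY.
# Commented-out lines (e.g. "# VECTR_HOSTNAME=sravectr.internal") are
# ignored; the last assignment is assumed to win; surrounding quotes
# and trailing whitespace are stripped.
env_value() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*$//' -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# check_vectr_env FILE
# returns 0 = consistent, 1 = VECTR_HOSTNAME missing,
#         2 = VECTR_EXTERNAL_HOSTNAME missing or empty, 3 = values differ
check_vectr_env() {
    host=$(env_value "$1" VECTR_HOSTNAME)
    ext=$(env_value "$1" VECTR_EXTERNAL_HOSTNAME)
    if [ -z "$host" ]; then
        echo "VECTR_HOSTNAME is not set"
        return 1
    fi
    if [ -z "$ext" ]; then
        echo "VECTR_EXTERNAL_HOSTNAME is not set (the configuration in which this thread saw redirects to sravectr.internal)"
        return 2
    fi
    if [ "$ext" != "$host" ]; then
        echo "VECTR_EXTERNAL_HOSTNAME=$ext differs from VECTR_HOSTNAME=$host"
        return 3
    fi
    echo "ok: both hostnames are $host"
    return 0
}

# Constructed sample mirroring the reporter's .env before and after the fix.
sample=$(mktemp)
printf '%s\n' '# VECTR_HOSTNAME=sravectr.internal' \
    'VECTR_HOSTNAME=vectr.mycompany.com' 'VECTR_PORT=8081' > "$sample"
check_vectr_env "$sample" || echo "exit status: $?"
printf '%s\n' 'VECTR_EXTERNAL_HOSTNAME=vectr.mycompany.com' >> "$sample"
check_vectr_env "$sample"
rm -f "$sample"
```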