vx3r / wg-gen-web

Simple Web based configuration generator for WireGuard
https://wg-gen-web-demo.127-0-0-1.fr
Do What The F*ck You Want To Public License

!!!!! Very Important Security bug #87

Closed PrzemekSkw closed 3 years ago

PrzemekSkw commented 3 years ago

I have that app on my VPN server and everyone who logs in with a GitHub account can enter my panel and change my WireGuard configs. Regards

vx3r commented 3 years ago

this is how oauth2 oidc works, not sure there is a way to limit users

malikshi commented 3 years ago

So it's become a public server?

PrzemekSkw commented 3 years ago

@malikshi Yes, everyone who has a GitHub account can log in to my panel.

malikshi commented 3 years ago

Bad news for low-spec VPS and limited bw.

PrzemekSkw commented 3 years ago

Yes, I use nginx-proxy, but I don't think it's true what @vx3r says:

> this is how oauth2 oidc works, not sure there is a way to limit users

There has to be a way to secure that. That will be useless. Regards.

vx3r commented 3 years ago

I suggest using nginx basic auth or an OAuth server you control (self-hosted GitLab, for example)
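
The gap discussed in this thread is that a successful OAuth2/OIDC login only establishes who the user is; whether that user may open the panel is a separate authorization check. A deny-by-default allowlist applied after login, as an added example (not wg-gen-web's code; the `Identity` struct, the `Allowlist` type and the `idp.example` values are assumptions):

```go
package main

import (
	"fmt"
	"strings"
)

// Identity holds already-validated login claims; names are assumptions for this example.
type Identity struct {
	Issuer, Subject string // provider URL and its stable user id
	Email           string
	EmailVerified   bool
}

// Allowlist is the authorization step that a successful login does not provide.
type Allowlist struct{ subjects, emails map[string]bool }

// NewAllowlist takes "issuer|subject" keys and e-mail addresses.
func NewAllowlist(subjects, emails []string) *Allowlist {
	a := &Allowlist{subjects: map[string]bool{}, emails: map[string]bool{}}
	for _, s := range subjects {
		a.subjects[s] = true
	}
	for _, e := range emails {
		if e = strings.ToLower(strings.TrimSpace(e)); e != "" {
			a.emails[e] = true
		}
	}
	return a
}

// Allowed denies by default: an empty allowlist admits nobody.
func (a *Allowlist) Allowed(id Identity) bool {
	if id.Issuer == "" || id.Subject == "" {
		return false
	}
	if a.subjects[id.Issuer+"|"+id.Subject] {
		return true
	}
	// An e-mail match counts only when the provider marks the address verified.
	return id.EmailVerified && a.emails[strings.ToLower(id.Email)]
}

func main() {
	al := NewAllowlist([]string{"https://idp.example|1001"}, nil)
	// Constructed identities: the operator, then an unrelated account.
	fmt.Println(al.Allowed(Identity{Issuer: "https://idp.example", Subject: "1001"}))
	fmt.Println(al.Allowed(Identity{Issuer: "https://idp.example", Subject: "2002"}))
}
```

Keying on issuer plus subject rather than a display name or unverified e-mail keeps the decision tied to an identifier the user cannot change at the provider.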