
[Security][Critical Risk] WAPT-C-2: Default Admin Account Can Reappear #2 #91

@tostart-pickagreatname

Description

Vulnerability Summary
Testers discovered a scenario in which it is possible to re-enable the default admin account even if its password has been changed.

Analysis of the Attack
The tester followed these steps to produce this issue:
- Set up the environment via the Docker process
- Authenticate to the Portal
- Create a new Admin
- Log out of the default admin and log into the new Admin account
- Change the password and delete the default admin account
- Log out of the application
- Try to log into the app with the default admin account -- note that this no longer works because we changed the password (unlike WAPT-C-1)
- Log in with the new (non-default) admin account
- Demote the role to "Staff"
- Log out
- Try to log into the app with the default admin account -- note that this now re-enables the deleted admin account
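To make the failure mode concrete, here is an added Python model (not the project's code) of the mechanism these steps suggest: an assumed bootstrap step that reseeds the default admin whenever no Admin account exists, alongside two fixes (seed only an uninitialised store and never after an explicit deletion; refuse to demote the last Admin). The `UserStore` class, the user names, passwords and role strings are constructed assumptions.

```python
DEFAULT_ADMIN, DEFAULT_PASSWORD = "admin", "admin"  # constructed placeholders, not real defaults


class UserStore:
    def __init__(self):
        self.users = {}  # name -> {"password": ..., "role": "Admin" | "Staff"}
        self.default_admin_removed = False

    def delete(self, name):
        del self.users[name]
        if name == DEFAULT_ADMIN:
            self.default_admin_removed = True  # remember the operator's decision

    def demote(self, name, guard_last_admin):
        # Hardened path: refuse to demote the last remaining Admin.
        others = any(n != name and u["role"] == "Admin" for n, u in self.users.items())
        if guard_last_admin and not others:
            raise PermissionError("cannot demote the last Admin")
        self.users[name]["role"] = "Staff"


def seed_default(store):
    store.users[DEFAULT_ADMIN] = {"password": DEFAULT_PASSWORD, "role": "Admin"}


def login(store, name, password, hardened=False):
    if hardened:
        # Fix: seed only a never-initialised store, never after an explicit deletion.
        if not store.users and not store.default_admin_removed:
            seed_default(store)
    elif not any(u["role"] == "Admin" for u in store.users.values()):
        # Assumed bug: any login while no Admin exists recreates the default
        # account, even one the operator deleted after changing its password.
        seed_default(store)
    u = store.users.get(name)
    return u is not None and u["password"] == password


def reproduce(hardened_login=False, guard_last_admin=False):
    """Replay the issue's steps; True means the deleted default admin is back."""
    store = UserStore()
    login(store, DEFAULT_ADMIN, DEFAULT_PASSWORD, hardened_login)  # seeds default admin
    store.users["alice"] = {"password": "s3cret", "role": "Admin"}  # create a new Admin
    store.users[DEFAULT_ADMIN]["password"] = "changed"  # change the default password
    store.delete(DEFAULT_ADMIN)  # delete the default admin account
    assert not login(store, DEFAULT_ADMIN, DEFAULT_PASSWORD, hardened_login)  # no longer works
    try:
        store.demote("alice", guard_last_admin)  # demote the only Admin to "Staff"
    except PermissionError:
        return False
    return login(store, DEFAULT_ADMIN, DEFAULT_PASSWORD, hardened_login)
```

`reproduce()` returns True for the assumed vulnerable logic and False once either fix is applied.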

Labels: security (Pull requests that address a security vulnerability)