Description
During signup, users can manually include a role field in the request body to assign themselves admin privileges. This is a serious security flaw.
Expected Behavior:
All users should be assigned the default role ("user") by the backend. Role should not be settable via the signup API.
Actual Behavior:
If a user sends:
{ "username": "test", "email": "test@example.com", "password": "123456", "role": "admin" }
They get registered as an admin.
Impact:
- Complete loss of access control.
- Any user can gain admin privileges and perform sensitive actions.
- Critical risk to data integrity, privacy, and application functionality.
Suggested Fix:
- Remove the role field from the accepted signup payload on the backend.
- Enforce role assignment in the backend logic, setting the default to "user".
- Add validation and whitelist allowed fields during account creation.
- Consider logging and alerting on suspicious signup attempts with unexpected fields.
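The fix described above, as an added example that is not the project's own code: the request body is no longer copied wholesale into the user record; only whitelisted fields are accepted, the role is set server-side, and unexpected fields are reported so they can be logged or alerted on. The field names follow the sample payload in this issue; the function names and the sample record are constructed for illustration.

```javascript
// Added example (not the project's code): whitelist-based signup handling that
// assigns the role on the server, alongside the vulnerable pattern for contrast.
const ALLOWED_SIGNUP_FIELDS = ['username', 'email', 'password'];
const DEFAULT_ROLE = 'user';

// Vulnerable pattern from the issue: the whole request body becomes the user record,
// so a client-supplied "role": "admin" is persisted unchanged.
function buildUserUnsafe(body) {
  return { ...body };
}

// Hardened version: copy only whitelisted string fields, then set the role here.
function buildUserSafe(body) {
  if (body === null || typeof body !== 'object' || Array.isArray(body)) {
    throw new TypeError('signup payload must be a JSON object');
  }
  const user = {};
  for (const field of ALLOWED_SIGNUP_FIELDS) {
    const hasField = Object.prototype.hasOwnProperty.call(body, field);
    if (!hasField || typeof body[field] !== 'string' || body[field].length === 0) {
      throw new Error(`missing or invalid field: ${field}`);
    }
    user[field] = body[field];
  }
  user.role = DEFAULT_ROLE; // never taken from the request
  return user;
}

// Client-supplied keys outside the whitelist, for the logging/alerting step.
function unexpectedSignupFields(body) {
  return Object.keys(body).filter((k) => !ALLOWED_SIGNUP_FIELDS.includes(k));
}

// Constructed sample request, matching the payload quoted in the issue.
const SAMPLE_BODY = {
  username: 'test', email: 'test@example.com', password: '123456', role: 'admin',
};

function demo() {
  const unsafe = buildUserUnsafe(SAMPLE_BODY); // unsafe.role === 'admin'
  const safe = buildUserSafe(SAMPLE_BODY);     // safe.role === 'user'
  const extra = unexpectedSignupFields(SAMPLE_BODY);
  if (extra.length > 0) {
    console.warn(`signup attempt with unexpected fields: ${extra.join(', ')}`);
  }
  return { unsafe, safe, extra };
}
```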
Screenshots:

Checklist