Description
Affected Component
Core Services (Frontend UI/Backend API)
Describe the bug
1. Critical: default admin credentials are documented and seeded
README.md:651, backend/migrations/sql/20241026_115120_initial_state.sql:85, backend/migrations/sql/20241026_115120_initial_state.sql:87
Impact: fresh/unchanged deployments are immediately takeable.
Note: password_change_required is seeded true (backend/migrations/sql/20241026_115120_initial_state.sql:92) but backend login does not enforce it server-side (backend/pkg/server/services/auth.go:101, backend/pkg/server/services/auth.go:115, backend/pkg/server/services/auth.go:121), while the frontend handles it client-side (frontend/src/providers/user-provider.tsx:155).
2. Critical: container-to-host boundary is weak in common configs
docker-compose.yml:144, docker-compose.yml:148, backend/pkg/docker/client.go:267, .env.example:157, .env.example:158, .env.example:159
Impact: app/container compromise can become host Docker daemon control, then host takeover.
3. Critical: user task input can drive arbitrary Docker image execution
backend/pkg/templates/prompts/image_chooser.tmpl:10, backend/pkg/providers/providers.go:336, backend/pkg/tools/tools.go:388, backend/migrations/sql/20241215_132209_new_user_role.sql:14
Impact: authenticated users can steer runtime image selection; with weak isolation this is a high-risk RCE path.
4. High: OAuth auto-provisions active accounts without allowlist/invite gate
backend/pkg/server/services/auth.go:507, backend/pkg/server/services/auth.go:509, backend/pkg/server/services/auth.go:511
Impact: if OAuth is enabled on an internet-facing instance, the account-creation surface is broad.
5. High: OAuth callback GET path does not validate returned state against request
backend/pkg/server/services/auth.go:314, backend/pkg/server/services/auth.go:321, backend/pkg/server/services/auth.go:333 vs POST check at backend/pkg/server/services/auth.go:370
Impact: weaker CSRF/login integrity on GET callback path.
6. High: session expiry not enforced in auth middleware
backend/pkg/server/auth/auth_middleware.go:91, backend/pkg/server/auth/auth_middleware.go:111; expiry check exists only in /info flow (backend/pkg/server/services/auth.go:735)
Impact: replay window may exceed intended session timeout semantics.
7. Medium: cookie hardening gaps
backend/pkg/server/services/auth.go:156, backend/pkg/server/services/auth.go:159, backend/pkg/server/services/auth.go:196, backend/pkg/server/services/auth.go:199, backend/pkg/server/services/auth.go:547, backend/pkg/server/services/auth.go:550
Impact: no explicit SameSite; Secure depends on TLS detection and can misbehave behind some proxy setups.
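Added example (not PentAGI's code) of the server-side enforcement findings 1, 6 and 7 point at: the auth middleware itself rejects expired sessions (and purges them so the token cannot be replayed), returns 403 on every route except the password-change route while password_change_required is set, and the session cookie gets SameSite and Secure set explicitly from configuration instead of from TLS detection on the request. The in-memory session store, the cookie name "session" and the route /api/v1/users/me/password are assumptions made for the example.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"sync"
	"time"
)

// Session is a constructed in-memory record; the project's real session layout is not assumed.
type Session struct {
	ExpiresAt              time.Time
	PasswordChangeRequired bool // mirrors the seeded password_change_required flag
}

// SessionStore is a minimal thread-safe token -> Session map (constructed).
type SessionStore struct {
	mu       sync.Mutex
	sessions map[string]Session
}

func NewSessionStore() *SessionStore { return &SessionStore{sessions: map[string]Session{}} }

func (s *SessionStore) Put(token string, sess Session) {
	s.mu.Lock()
	s.sessions[token] = sess
	s.mu.Unlock()
}

// Lookup returns the session only if it exists and has not expired.
func (s *SessionStore) Lookup(token string) (Session, bool) {
	s.mu.Lock()
	defer s.mu.Unlock()
	sess, ok := s.sessions[token]
	if ok && !time.Now().Before(sess.ExpiresAt) {
		delete(s.sessions, token) // expired: purge so the token cannot be replayed later
		ok = false
	}
	return sess, ok
}

// NewSessionCookie sets SameSite and Secure explicitly. Secure comes from
// deployment configuration (is the public endpoint HTTPS?) instead of r.TLS,
// which is nil behind a TLS-terminating proxy.
func NewSessionCookie(token string, ttl time.Duration, secure bool) *http.Cookie {
	return &http.Cookie{
		Name:     "session", // assumed cookie name
		Value:    token,
		Path:     "/",
		HttpOnly: true,
		Secure:   secure,
		SameSite: http.SameSiteLaxMode,
		MaxAge:   int(ttl.Seconds()),
	}
}

// RequireSession rejects missing or expired sessions with 401 and, while the
// account still has password_change_required set, allows only the
// password-change route (403 for every other path).
func RequireSession(store *SessionStore, passwordChangePath string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		c, err := r.Cookie("session")
		if err != nil {
			http.Error(w, "unauthenticated", http.StatusUnauthorized)
			return
		}
		sess, ok := store.Lookup(c.Value)
		if !ok {
			http.Error(w, "session missing or expired", http.StatusUnauthorized)
			return
		}
		if sess.PasswordChangeRequired && r.URL.Path != passwordChangePath {
			http.Error(w, "password change required", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// okHandler stands in for the protected application handler.
var okHandler = http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })

// StatusFor drives one request through a handler and returns the status code.
func StatusFor(h http.Handler, path, token string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	if token != "" {
		req.AddCookie(&http.Cookie{Name: "session", Value: token})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	store := NewSessionStore()
	store.Put("tok-fresh", Session{ExpiresAt: time.Now().Add(time.Hour)})
	store.Put("tok-expired", Session{ExpiresAt: time.Now().Add(-time.Minute)})
	store.Put("tok-reset", Session{ExpiresAt: time.Now().Add(time.Hour), PasswordChangeRequired: true})
	h := RequireSession(store, "/api/v1/users/me/password", okHandler) // assumed route name
	for _, tok := range []string{"tok-fresh", "tok-expired", "tok-reset", ""} {
		fmt.Printf("%-13q GET /api/v1/flows -> %d\n", tok, StatusFor(h, "/api/v1/flows", tok))
	}
}
```

The expiry check lives in the middleware rather than only in the /info handler, so every authenticated route shares the same timeout semantics; the password-change gate is enforced regardless of what the frontend does.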
8. Medium: request-triggerable panic in OAuth state parser
backend/pkg/server/services/auth.go:600, backend/pkg/server/services/auth.go:601
Impact: malformed short state can panic this request path (DoS-class bug).
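Added example (not the project's code) covering findings 5 and 8 together: the callback side validates the returned state against the nonce stored when the login started, and the parser checks every length and separator before it slices, so a short or malformed state returns an error instead of panicking the request. The state format (base64url nonce, a dot, then a base64url HMAC-SHA256 over nonce and provider name) and the HMAC key source are assumptions of the example, not PentAGI's format.

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// Constructed state format for this example (not the project's own):
//   base64url(nonce) "." base64url(HMAC-SHA256(key, nonce || provider))
// Binding the MAC to the provider name means a state minted for one provider
// is rejected on another provider's callback.
const nonceLen = 16     // random bytes per state
const maxStateLen = 256 // anything longer is rejected before parsing

var ErrBadState = errors.New("invalid oauth state")

// StateSigner holds the server-side HMAC key (assumed to come from config).
type StateSigner struct{ key []byte }

func NewStateSigner(key []byte) *StateSigner { return &StateSigner{key: key} }

func (s *StateSigner) mac(nonce []byte, provider string) []byte {
	h := hmac.New(sha256.New, s.key)
	h.Write(nonce)
	h.Write([]byte(provider))
	return h.Sum(nil)
}

// Issue returns the state to send to the provider and the nonce the login
// handler must remember (e.g. in a short-lived HttpOnly cookie) for the callback.
func (s *StateSigner) Issue(provider string) (state, nonce string, err error) {
	raw := make([]byte, nonceLen)
	if _, err := rand.Read(raw); err != nil {
		return "", "", err
	}
	nonce = base64.RawURLEncoding.EncodeToString(raw)
	sig := base64.RawURLEncoding.EncodeToString(s.mac(raw, provider))
	return nonce + "." + sig, nonce, nil
}

// Parse validates a returned state and extracts its nonce. Every length and
// separator is checked before any slicing, so a short or malformed value
// yields ErrBadState instead of an index-out-of-range panic.
func (s *StateSigner) Parse(state, provider string) (string, error) {
	if state == "" || len(state) > maxStateLen {
		return "", ErrBadState
	}
	dot := strings.IndexByte(state, '.')
	if dot <= 0 || dot == len(state)-1 {
		return "", ErrBadState
	}
	nonceB64, sigB64 := state[:dot], state[dot+1:]
	raw, err := base64.RawURLEncoding.DecodeString(nonceB64)
	if err != nil || len(raw) != nonceLen {
		return "", ErrBadState
	}
	sig, err := base64.RawURLEncoding.DecodeString(sigB64)
	if err != nil || !hmac.Equal(sig, s.mac(raw, provider)) {
		return "", ErrBadState
	}
	return nonceB64, nil
}

// ValidateCallback is the check the GET callback should perform, the same as
// the POST path: parse the returned state and compare its nonce, in constant
// time, with the nonce stored when the login was started.
func (s *StateSigner) ValidateCallback(returnedState, storedNonce, provider string) error {
	nonce, err := s.Parse(returnedState, provider)
	if err != nil {
		return err
	}
	if subtle.ConstantTimeCompare([]byte(nonce), []byte(storedNonce)) != 1 {
		return ErrBadState
	}
	return nil
}

func main() {
	signer := NewStateSigner([]byte("constructed-demo-key-replace-in-prod"))
	state, nonce, _ := signer.Issue("github")
	fmt.Println("issued:", state)
	fmt.Println("valid callback:", signer.ValidateCallback(state, nonce, "github"))
	for _, bad := range []string{"", ".", "abc", "abc.", state[:5]} {
		_, err := signer.Parse(bad, "github")
		fmt.Printf("%-8q -> %v\n", bad, err)
	}
}
```

A malformed state is a client error (400) in the handler, never a recovered panic; the nonce comparison uses crypto/subtle so the check does not leak timing information about the stored value.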
9. Medium: browser tool disables TLS verification and has no client timeout
backend/pkg/tools/browser.go:401, backend/pkg/tools/browser.go:402, backend/pkg/tools/browser.go:404, backend/pkg/tools/browser.go:412
Impact: MITM exposure, plus hanging requests and resource exhaustion risk.
10. Medium: unbounded memory usage paths
backend/pkg/tools/terminal.go:197, backend/pkg/tools/terminal.go:279, backend/pkg/tools/browser.go:412
Impact: memory DoS via large outputs/files/responses.
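Added example (not the project's code) for findings 9 and 10: an http.Client that keeps certificate verification on and has dial, handshake and overall timeouts, plus a bounded body reader that fails closed once a cap is exceeded. The same ReadBounded can wrap terminal output and file reads, which is the other half of finding 10. The timeout values and the 1 KiB cap in main are constructed defaults for the example.

```go
package main

import (
	"crypto/tls"
	"errors"
	"fmt"
	"io"
	"net"
	"net/http"
	"strings"
	"time"
)

// ErrTooLarge is returned when a body is larger than the caller's limit.
var ErrTooLarge = errors.New("body exceeds size limit")

// NewHardenedClient builds an http.Client that verifies server certificates
// (InsecureSkipVerify stays false), pins a TLS floor, and sets an overall
// deadline plus dial and handshake timeouts so a stalled peer cannot hold a
// goroutine forever. The 10 s dial/handshake values are constructed defaults.
func NewHardenedClient(timeout time.Duration) *http.Client {
	transport := &http.Transport{
		Proxy:                 http.ProxyFromEnvironment,
		DialContext:           (&net.Dialer{Timeout: 10 * time.Second}).DialContext,
		TLSHandshakeTimeout:   10 * time.Second,
		ResponseHeaderTimeout: timeout,
		TLSClientConfig: &tls.Config{
			MinVersion:         tls.VersionTLS12,
			InsecureSkipVerify: false, // explicit: verification is never disabled here
		},
	}
	return &http.Client{Transport: transport, Timeout: timeout}
}

// ReadBounded reads at most maxBytes from r. It reads one extra byte through
// io.LimitReader to detect oversize input and reports ErrTooLarge instead of
// buffering an unbounded body in memory.
func ReadBounded(r io.Reader, maxBytes int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, maxBytes+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > maxBytes {
		return nil, ErrTooLarge
	}
	return data, nil
}

// FetchBounded performs a GET with the hardened client and a body size cap.
func FetchBounded(client *http.Client, url string, maxBytes int64) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return ReadBounded(resp.Body, maxBytes)
}

func main() {
	client := NewHardenedClient(15 * time.Second)
	fmt.Println("client timeout:", client.Timeout)
	// Constructed 2 KiB input against a 1 KiB cap.
	_, err := ReadBounded(strings.NewReader(strings.Repeat("A", 2048)), 1024)
	fmt.Println("oversize body:", err)
	data, _ := ReadBounded(strings.NewReader("small"), 1024)
	fmt.Println("small body:", string(data))
}
```

Where an LLM tool needs the beginning of a large output rather than a hard failure, the caller can catch ErrTooLarge and return a truncated marker; the point is that the cap is decided before the read, not after the buffer has grown.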
11. Medium: authorization string typos in permission checks
backend/pkg/server/services/users.go:184, backend/pkg/server/services/users.go:321, backend/pkg/server/services/users.go:432, backend/pkg/server/services/users.go:519, backend/pkg/server/services/roles.go:66
Impact: access-control logic drift (likely unintended deny behavior and brittle security policy).
12. Low/Medium: inconsistent password policy enforcement
Weak policy in user create/edit model (backend/pkg/server/models/users.go:103) vs strong policy only in current-user password change (backend/pkg/server/models/users.go:168).
13. Conditional risk: permissive origin handling when * is used
backend/pkg/config/config.go:46, backend/pkg/server/router.go:143, backend/pkg/server/router.go:145, backend/pkg/server/services/graphql.go:173, backend/pkg/server/services/graphql.go:181
Impact: broad cross-origin surface if deployed with wildcard origins.
Most likely compromise chain in a weak deployment:
- Login with default admin (README.md:651).
- Create a flow and force a chosen image (backend/pkg/templates/prompts/image_chooser.tmpl:10).
- Reach host Docker via socket mounts/root context (docker-compose.yml:144, docker-compose.yml:148, backend/pkg/docker/client.go:267).
Steps to Reproduce
Analyse the codebase
System Configuration
Windows
Logs and Artifacts
No response
Screenshots or Recordings
No response
Verification
- I have checked that this issue hasn't been already reported
- I have provided all relevant configuration files (with sensitive data removed)
- I have included relevant logs and error messages
- I am running the latest version of PentAGI