ZacharyZcR
057640dd23
SECURITY FIX: Eliminate privilege escalation via database error exploitation
Critical Vulnerability Fixed:
- Database errors during user count check resulted in automatic admin privileges
- Any user could potentially gain admin access by triggering DB failures
- Affected both regular user registration and OIDC user creation
Root Cause Analysis:
```typescript
} catch (e) {
  isFirstUser = true; // 💀 DANGEROUS: DB error = admin privileges
```
Linus-Style Solution - Fail Secure:
✅ Database error = reject request (don't guess permissions)
✅ Legitimate first user still gets admin (when DB works correctly)
✅ Attackers cannot exploit DB failures for privilege escalation
✅ Clear error logging for debugging
Security Impact:
- BEFORE: Database DoS → privilege escalation attack vector
- AFTER: Database error → secure rejection, no privilege guessing
Files Modified:
• users.ts:221 - Fixed user registration privilege escalation
• users.ts:670 - Fixed OIDC user creation privilege escalation
"When in doubt, fail secure. Don't guess privileges." - Security Engineering 101
2025-09-21 04:04:38 +08:00
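The fail-open pattern the commit message describes, next to a fail-secure version, as an added example that is not the project's own code. `CountUsers`, `decideFailOpen`, `decideFailSecure`, the error strings and the stub databases are hypothetical, and the user-count query is assumed to be synchronous.

```typescript
// Added illustration; every name here is hypothetical, not taken from users.ts.
// CountUsers stands in for the user-count query and throws on a DB failure.
type CountUsers = () => number;

type Decision =
  | { ok: true; isAdmin: boolean }
  | { ok: false; status: number; error: string };

// Fail-open: an exception from the count query is read as "no users yet",
// so whoever is registering during the outage is created as admin.
function decideFailOpen(countUsers: CountUsers): Decision {
  let isFirstUser = false;
  try {
    isFirstUser = countUsers() === 0;
  } catch (e) {
    isFirstUser = true; // DB error = admin privileges
  }
  return { ok: true, isAdmin: isFirstUser };
}

// Fail-secure: a thrown error or an implausible count rejects the request.
// Admin is granted only when the query succeeded and returned exactly 0.
function decideFailSecure(
  countUsers: CountUsers,
  log: (msg: string) => void = (msg) => console.error(msg),
): Decision {
  try {
    const count = countUsers();
    if (!Number.isInteger(count) || count < 0) {
      throw new Error(`invalid user count: ${String(count)}`);
    }
    return { ok: true, isAdmin: count === 0 };
  } catch (e) {
    log(`user count check failed: ${e instanceof Error ? e.message : String(e)}`);
    return { ok: false, status: 500, error: "Failed to check existing users" };
  }
}

// Constructed stand-ins for the database states.
const emptyDb: CountUsers = () => 0;
const populatedDb: CountUsers = () => 3;
const brokenDb: CountUsers = () => { throw new Error("database is locked (constructed)"); };
const garbageDb: CountUsers = () => NaN;
```

With `brokenDb`, `decideFailOpen` returns an admin decision while `decideFailSecure` returns a 500 rejection and logs the cause; `emptyDb` still yields admin in both.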