
[Bug]: DNN - Azure Connector - Folder/File Security Issue

Open tpperlman opened this issue 1 year ago • 2 comments

Is there an existing issue for this?

  • [X] I have searched the existing issues

What happened?

We're developing a file integration for a client that uses the Azure connector for secure storage. The integration works well, but it does not enforce the security settings defined on the folder or any of its subfolders in Resource Manager. As a result, unauthenticated users can download files if they have the LinkClick URL.

When we create download links like this:

FileLinkClickController.Instance.GetFileLinkClick(file);

...the resulting URL can be shared and files opened by unauthenticated users:

http://dnndev.me/LinkClick.aspx?fileticket=KFbrWZP0Cco%3d&portalid=1

Here's an example of how we have the permissions set up:

DNN Connector Security Issue

Steps to reproduce?

  1. Create an Azure blob share.
  2. Use the Azure Connector in DNN and map it to a folder in Resource Manager.
  3. Set the folder to exclude access from All Users and Registered Users.
  4. Upload a file into the folder.
  5. Generate a secure link to the file as an admin using GetFileLinkClick().
  6. Copy the link, paste it into a new private browsing window and notice that the secure file opens for unauthenticated users.

Current Behavior

Unauthenticated users can download files if they have the LinkClick URL.

Expected Behavior

Unauthenticated users that use the LinkClick URL should be redirected to login in order to ensure they have access to the folder and file.

Relevant log output

No response

Anything else?

No response

Affected Versions

9.13.0 (latest release)

What browsers are you seeing the problem on?

No response

Code of Conduct

  • [X] I agree to follow this project's Code of Conduct

tpperlman avatar Dec 15 '23 21:12 tpperlman
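
One way an integration could enforce the Resource Manager folder permission itself before streaming a file, instead of handing out a shareable LinkClick URL. This is an added example, not code from the issue or from DNN Platform, and it does not change how LinkClick.aspx behaves; the handler name and its `fileid` query parameter are assumptions.

```csharp
using System.Net;
using System.Web;
using DotNetNuke.Common;
using DotNetNuke.Entities.Portals;
using DotNetNuke.Security.Permissions;
using DotNetNuke.Services.FileSystem;

// Hypothetical handler owned by the integration; the class name and the
// "fileid" query parameter are assumptions, not part of DNN Platform.
public class GuardedDownloadHandler : IHttpHandler
{
    public bool IsReusable => true;

    public void ProcessRequest(HttpContext context)
    {
        if (!int.TryParse(context.Request.QueryString["fileid"], out var fileId))
        {
            context.Response.StatusCode = (int)HttpStatusCode.BadRequest;
            return;
        }

        // Only serve files that belong to the portal handling this request.
        var portal = PortalSettings.Current;
        var file = FileManager.Instance.GetFile(fileId);
        if (portal == null || file == null || file.PortalId != portal.PortalId)
        {
            context.Response.StatusCode = (int)HttpStatusCode.NotFound;
            return;
        }

        // Evaluate the folder's view permission for the current user.
        var folder = FolderManager.Instance.GetFolder(file.FolderId);
        if (folder == null || !FolderPermissionController.CanViewFolder((FolderInfo)folder))
        {
            if (!context.Request.IsAuthenticated)
            {
                // Anonymous caller: send to login, then back to this request.
                var returnUrl = HttpUtility.UrlEncode(context.Request.RawUrl);
                context.Response.Redirect(Globals.LoginURL(returnUrl, false), false);
                return;
            }
            context.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            return;
        }

        // Stream the content through DNN rather than redirecting to a storage URL.
        FileManager.Instance.WriteFileToResponse(file, ContentDisposition.Attachment);
    }
}
```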

@dnnsoftware/approvers I know there was a discussion around this at one time.

Where should this responsibility lie for security? The LinkClick.aspx code within DNN Platform, or the code in the provider? As it is the permissions of DNN that need to flow through.

mitchelsellers avatar Dec 15 '23 22:12 mitchelsellers

Well I guess where to apply the fix depends a bit on where we find the bug to be...

valadas avatar Dec 16 '23 02:12 valadas