You should be attentive to the following points when configuring permissions:

When setting up a new application or upgrading an existing application, make sure that the appropriate check is in place to avoid a local denial of service.

When changing the permissions on the messages endpoint, make sure that the user account has the necessary permissions.

If you are using an external message broker, make sure that the permissions are set up correctly.

In some cases, the permission check on a message can be bypassed by adding a special character to the message. For example, if you are using Microsoft Exchange Server, a special character can be used to bypass the permission check so that the message is sent from a low-privileged user account instead of an administrator account.

If you do not want to restrict message sending from an account in general, but only want to restrict message sending from a specific user account, you can add a special character to the message. This way, anyone who tries to send a message from that specific user account receives an error instead of a successful send.

Configuring Authenticated Email Authentication

The following is a list of the most common methods for authenticating email in order to prevent unauthorized sending of email messages:

- The "smtp" authentication method
- The "plaintext" authentication method
- The "login" authentication method

Configuring Permission Check

The Permission Check is used to prevent unauthorized message sending, which covers endpoints such as messages and schedule. An endpoint will not be able to send messages if the user account fails the permission check.

In some cases, a message sent by a low-privileged user will be delivered successfully. To disable this behavior, you have to add one of these special characters:

- "&" - Nullifies the permission check of the authorization header


Timeline

Published on: 10/14/2022 19:15:00 UTC
Last modified on: 10/17/2022 19:57:00 UTC
