Merge pull request #736 from wrongecho/ir-agent-force-pw-reset
Add function to reset all user/agent passwords in case of IR
johnnyq authored Oct 8, 2023
2 parents dcd17c7 + 45b3311 commit fac9f95
Showing 3 changed files with 80 additions and 0 deletions.
44 changes: 44 additions & 0 deletions post/user.php
Expand Up @@ -280,3 +280,47 @@
exit;

}

if (isset($_POST['ir_reset_user_password'])) {

// Incident response: allow mass reset of agent passwords

validateAdminRole();

validateCSRFToken($_POST['csrf_token']);

// Confirm logged-in user password, for security
$admin_password = $_POST['admin_password'];
$sql = mysqli_query($mysqli, "SELECT * FROM users WHERE user_id = $session_user_id");
$userRow = mysqli_fetch_array($sql);
if (!password_verify($admin_password, $userRow['user_password'])) {
$_SESSION['alert_type'] = "error";
$_SESSION['alert_message'] = "Incorrect password.";
header("Location: " . $_SERVER["HTTP_REFERER"]);
exit;
}

// Get agents/users, other than the current user
$sql_users = mysqli_query($mysqli, "SELECT * FROM users WHERE (user_archived_at IS NULL AND user_id != $session_user_id)");

// Reset passwords
while ($row = mysqli_fetch_array($sql_users)) {
$user_id = intval($row['user_id']);
$user_email = sanitizeInput($row['user_email']);
$new_password = randomString();
$user_specific_encryption_ciphertext = encryptUserSpecificKey(trim($new_password));

echo $user_email . " -- " . $new_password; // Show
$new_password = password_hash($new_password, PASSWORD_DEFAULT);

mysqli_query($mysqli, "UPDATE users SET user_password = '$new_password', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");

echo "<br><br>";
}

// Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'User', log_action = 'Modify', log_description = '$session_name reset ALL user passwords', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id");

exit; // Stay on the plain text password page

}
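Review bot: The `while` loop rewrites each agent's `user_password` and `user_specific_encryption_ciphertext`, but nothing in the hunk ends those agents' existing sessions or any other long-lived credential, so an attacker already logged in as a compromised agent keeps that access after the IR reset — presumably ITFlow holds server-side session state that could be cleared in the same loop; confirm before relying on this as an incident-response control. The plaintext password is also echoed before the UPDATE that stores its hash, and that query's return value is never checked, so a failed update leaves the admin relaying a password that was never set; echo after the query and branch on its result. Because the response is deliberately left on screen (the trailing `exit`), send `header('Cache-Control: no-store');` before the first echo so the plaintext list is not written to a browser or proxy cache, and pass `$user_email` and `$new_password` through `htmlspecialchars()` — `sanitizeInput()` and `randomString()` are defined outside this hunk, so whether their output is safe to emit into HTML cannot be confirmed from here.
```php
header('Cache-Control: no-store'); // plaintext passwords are about to be rendered
// … unchanged: $sql_users query …
while ($row = mysqli_fetch_array($sql_users)) {
    // … unchanged: $user_id, $user_email, $new_password, $user_specific_encryption_ciphertext …
    $new_password_hash = password_hash($new_password, PASSWORD_DEFAULT);
    $updated = mysqli_query($mysqli, "UPDATE users SET user_password = '$new_password_hash', user_specific_encryption_ciphertext = '$user_specific_encryption_ciphertext' WHERE user_id = $user_id");
    // Only display a password that was actually written
    if ($updated === false) {
        echo htmlspecialchars($user_email) . " -- UPDATE FAILED, password unchanged<br><br>";
        continue;
    }
    echo htmlspecialchars($user_email) . " -- " . htmlspecialchars($new_password) . "<br><br>";
}
```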
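--- a/user_all_reset_password_modal.php
+++ b/user_all_reset_password_modal.php
@@ -0,0 +1,31 @@
+<div class="modal" id="resetAllUserPassModal" tabindex="-1">
+<div class="modal-dialog modal-lg">
+<div class="modal-content">
+<div class="modal-body">
+<div class="mb-4" style="text-align: center;">
+<i class="far fas fa-10x fa-skull-crossbones text-danger mb-3 mt-3"></i>
+<h2>Incident Response: Agent Password Reset</h2>
+<br>
+<div class="alert alert-danger" role="alert">
+<b>This is a potentially destructive function.<br>It is intended to be used as part of a potential security incident.</b>
+</div>
+<h6 class="mb-4 text-secondary"><b>All ITFlow agent passwords will be reset and shown to you </b><i>(except yours - change yours first!)</i>.<br/><br/>You should communicate temporary passwords to agents out of band (e.g. via a phone call) and require they are changed ASAP.</h6>
+<form action="post.php" method="POST">
+<input type="hidden" name="csrf_token" value="<?php echo $_SESSION['csrf_token'] ?>">
+<div class="row col-7 offset-4">
+<div class="input-group">
+<div class="input-group-prepend">
+<input type="password" class="form-control" placeholder="Enter your account password to continue" name="admin_password" autocomplete="new-password" required>
+</div>
+</div>
+</div>
+<br>
+<button class="btn btn-danger" type="submit" name="ir_reset_user_password"><i class="fas fa-fw fa-key mr-2"></i>Reset passwords</button>
+</form>
+</div>
+<button type="button" class="btn btn-outline-secondary btn-lg px-5 mr-4" data-dismiss="modal">Cancel</button>
+
+</div>
+</div>
+</div>
+</div>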
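Review bot: The password input in the form asks the admin to re-enter their existing account password but carries `autocomplete="new-password"`, which tells browsers and password managers to propose a freshly generated secret rather than fill the stored one; `autocomplete="current-password"` is the token that matches what the handler checks with `password_verify`. The `<div class="input-group-prepend">` wrapped around the only input is also unusual — prepend is meant for add-ons beside an input, not the input itself — and can probably be dropped, though the surrounding markup conventions are out of view. Changed line: `<input type="password" class="form-control" placeholder="Enter your account password to continue" name="admin_password" autocomplete="current-password" required>`.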
5 changes: 5 additions & 0 deletions users.php
Expand Up @@ -33,6 +33,10 @@
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-toggle="dropdown"></button>
<div class="dropdown-menu">
<!--<a class="dropdown-item text-dark" href="#" data-toggle="modal" data-target="#userInviteModal"><i class="fas fa-paper-plane mr-2"></i>Invite User</a>-->
<?php if ($num_rows[0] > 1) { ?>
<div class="dropdown-divider"></div>
<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#resetAllUserPassModal"><i class="fas fa-skull-crossbones mr-2"></i>IR</a>
<?php } ?>
</div>
</div>
</div>
Expand Down Expand Up @@ -197,4 +201,5 @@ function generatePassword() {
require_once("user_add_modal.php");
require_once("user_invite_modal.php");
require_once("user_export_modal.php");
require_once("user_all_reset_password_modal.php");
require_once("footer.php");
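Review bot: The new dropdown entry is labelled only `IR`, which gives an admin no indication that clicking it opens a flow that resets every other agent's password; a `title` attribute or fuller label would make the destructive action self-describing, e.g. `<a class="dropdown-item text-danger" href="#" data-toggle="modal" data-target="#resetAllUserPassModal" title="Incident response: reset all agent passwords"><i class="fas fa-skull-crossbones mr-2"></i>IR: Reset all passwords</a>`. The item is shown whenever `$num_rows[0] > 1` with no role condition visible in this hunk; the POST handler does call `validateAdminRole()`, so this is a usability rather than an authorization issue, but if users.php is reachable by non-admins (not visible here) the menu item could be gated on the same role check. The dropdown's enclosing markup starts before this hunk.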
