Bug during installation process

[Lysaer]

Found a security hole/bug while upgrading the Fortress Server software today.

When the installation asks for the Admin password, if you hit cancel and let the installation close out, then restart the installation, you can reset the Admin password.

Is this by design or a bug?

[lbauer]

Not sure.

We'll see if we can reproduce this.

[Lysaer]

I have to say, it was a good thing in this one instance, but I'm not sure I'd like it to be a continuing feature.

[lbauer]

The Vault installer deletes most of the existing installation (except the database) during an upgrade, and adds new files.

I tried your steps, and found that when you cancel the installation, the entire installation is rolled back, so that files that were installed are deleted. So when you run the installer again, you are basically doing a fresh installation using the same database. This is why you are able to reset the admin password.

I would say this behavior is by design.

[Lysaer]

Seems like this is a security hole. If someone gains access to the physical Fortress server but cannot access Fortress itself, they can reset the admin password in this method and gain access. Granted, the security on the server should prevent this. But if a technician is administering something on the server, such as OS patching, they would not be someone who would have or need Fortress access.

[Beth]

If we required a password to uninstall, then those who forget or lose the admin password would need another method to reset it. Having an available method for admin password resetting though can cause a bigger problem I think.

Do you have a suggestion for what you would prefer to see? Is there some other software on your server that you've seen prevents a technician who has permissions on that machine from messing with it in some way through Windows? This might be something you can prevent instead with some carefully planned Windows security.