Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Unable to Create User and Insufficient Privileges to Access this Page

EDR: Unable to Create User and Insufficient Privileges to Access this Page

Environment

  • EDR Console: 6.2.4 and Higher
  • EDR Server: 6.2.3 and Higher

Symptoms

  • Using a custom WebUI port
  • Red error message pops up when updating user password
    Unable to create user
  • Red error message pops up with verified permissions for live-response or moving sensors to a new group
    Insufficient privileges to access this page
  • /var/log/cb/coreservices/debug.log error message
    2018-12-26 9:21:02 [64433] <warning>  flask.app - Forbidden (Referer checking failed: https://servername:8443/ does not match https://servername/.):

Cause

Nginx is not forwarding the custom port in the header for CSRF

Resolution

  1. Open /etc/cb/nginx/conf.d/includes/headers.includes
  2. Find the following line
    proxy_set_header       Host               $host;
    1. Edit to:
      proxy_set_header       Host               $host:$server_port;
      1. Save and restart just the nginx service
        CentOS 6: service cb-nginx restart
        CentOS 7: sudo systemctl restart cb-nginx

        Additional Notes

        • Copy and pasting can cause additional hidden characters
        • The change forces Nginx to send the port in the header to match what the CSRF originally had seen

        Related Content


        Labels (1)
        Was this article helpful? Yes No
        No ratings
        Article Information
        Author:
        Creation Date:
        ‎09-09-2020
        Views:
        396
        Contributors