davift opened a new issue, #13339: URL: https://github.com/apache/cloudstack/issues/13339
### The required feature described as a wish

**Description:** CloudStack does not require users to re-verify their identity (step-up authentication) before performing high-impact operations such as deleting or expunging resources or resetting and revealing secrets, such as API keys of other user accounts. Once a user is authenticated for a session, all actions are permitted without additional verification.

**Affected Components:** Management UI

**Impact:** If a valid user session is hijacked (e.g., through XSS, session token theft, or an unattended workstation), an attacker can immediately perform irreversible, destructive actions or extract sensitive credentials without any additional authentication barrier. Requiring TOTP verification as a step-up factor would block this attack vector, whereas a static PIN would not, as it offers no time-bound or replay-resistant protection.

**Steps to Reproduce:**
- Log in to the CloudStack Management UI as a Root Admin.
- Navigate to Compute > Instances > Select any instance > Click on Delete.
- Observe that the action proceeds to a confirmation dialog without any prompt for TOTP verification.

**Recommended Remediation:** Implement step-up authentication for a defined list of sensitive or destructive operations. Require the user to enter their current TOTP code before executing the operation. Log all step-up authentication events for auditing.

--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at: [email protected]
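The step-up gate the issue asks for, written out as an added example; this is not CloudStack code and not from the issue author, it only illustrates the mechanism. It implements RFC 4226 HOTP and RFC 6238 TOTP from the standard library, then wraps a hypothetical `StepUpGate` around a hypothetical destructive action `destroy_vm`. The gate accepts a code only inside a +/-1 time-step window, remembers which time-step counters a user has already consumed so a captured code cannot be replayed even while it is still valid (the property a static PIN lacks), and appends every decision to an audit log. `DEMO_SECRET` is the RFC 6238 test-vector secret, used here as constructed input, not a real key.

```python
"""Illustrative step-up TOTP gate for destructive operations (not CloudStack code)."""
import hashlib
import hmac
import struct
import time
from dataclasses import dataclass, field
from typing import Optional

# Constructed demo secret: the RFC 6238 test-vector seed, not a real user's key.
DEMO_SECRET = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, at: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the time-step counter floor(T / step)."""
    return hotp(secret, at // step, digits)


def totp_counter_for(secret: bytes, code: str, at: int, step: int = 30,
                     digits: int = 6, skew: int = 1) -> Optional[int]:
    """Return the time-step counter `code` matches within +/- skew steps of `at`, else None."""
    if not (code.isdigit() and len(code) == digits):
        return None
    base = at // step
    for counter in range(base - skew, base + skew + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), code):
            return counter
    return None


@dataclass
class StepUpGate:
    """Require a fresh, never-before-used TOTP proof before a sensitive operation runs.

    Consumed counters are remembered per user, so a code stolen from a hijacked
    session cannot be replayed inside its validity window. A static PIN has no
    counter to consume, which is why it offers no replay resistance.
    """
    secrets: dict                       # user -> TOTP seed (assumed stored server side)
    step: int = 30
    skew: int = 1
    used_counters: dict = field(default_factory=dict)   # user -> set of consumed counters
    audit_log: list = field(default_factory=list)

    def authorize(self, user: str, operation: str, code: str, now: Optional[int] = None) -> bool:
        now = int(time.time()) if now is None else now
        secret = self.secrets.get(user)
        counter = (totp_counter_for(secret, code, now, self.step, skew=self.skew)
                   if secret else None)
        if counter is None:
            self._audit(now, user, operation, "denied: invalid or expired code")
            return False
        used = self.used_counters.setdefault(user, set())
        if counter in used:
            self._audit(now, user, operation, "denied: replayed code")
            return False
        used.add(counter)
        # Forget counters that have left the acceptance window; they can no longer match.
        used.difference_update({c for c in used if c < now // self.step - self.skew})
        self._audit(now, user, operation, "allowed")
        return True

    def _audit(self, now: int, user: str, operation: str, result: str) -> None:
        self.audit_log.append({"time": now, "user": user, "operation": operation, "result": result})


def destroy_vm(gate: StepUpGate, user: str, vm_id: str, code: str, now: int) -> str:
    """Hypothetical destructive action: proceeds only when the step-up check passes."""
    if not gate.authorize(user, f"destroyVirtualMachine {vm_id}", code, now):
        return "refused"
    return f"{vm_id} expunged"


if __name__ == "__main__":
    gate = StepUpGate({"admin": DEMO_SECRET})
    t = 1111111109
    code = totp(DEMO_SECRET, t)
    print(destroy_vm(gate, "admin", "vm-1", code, t))        # first use is accepted
    print(destroy_vm(gate, "admin", "vm-2", code, t + 5))    # same code again: replay, refused
    print(destroy_vm(gate, "admin", "vm-2", code, t + 120))  # window passed: refused
    for entry in gate.audit_log:
        print(entry)
```

The replay check is what distinguishes this from a static PIN prompt: once a counter has been consumed, an attacker who scraped the code from the hijacked session gets a denial, and the audit log records both the attempt and why it failed.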
