Blocked privilege escalation attempt from plugin

  • Resolved wsmadmin

    (@wsmadmin)


    5 years ago

    We are using the Premium version of the plugin Google Apps Login – https://www.ads-software.com/plugins/google-apps-login/ It allows for the creation of new users at our Google Apps domain. NinjaFirewall is blocking the privilege escalation attempt. How do we white list, or allow Google Apps login to create users at our defined role? We would ideally only like to whitelist from this known plugin, and still be able to block other escalation attempts that are not related.

    Here are two events from the log:
    11/Nov/19 19:27:40 #1628466 CRITICAL – 10.187.187.XX GET /wp-login.php – WordPress: Blocked privilege escalation attempt – [wsm_capabilities: a:1:{s:6:”editor”;b:1;}]

    11/Nov/19 19:40:03 #6545554 CRITICAL – 10.187.187.XX GET /wp-login.php – WordPress: Blocked privilege escalation attempt – [wsm_capabilities: a:1:{s:13:”administrator”;b:1;}]

    Thank you!

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author nintechnet

    (@nintechnet)

    You can’t whitelist it, that’s not possible.
    To create an editor or an admin user, NinjaFirewall expects you to have the edit_users capability. It seems your plugin doesn’t have that capability, hence it is blocked.
    There are only two solutions:
    * Give your plugin that capability while creating an account.
    * Disable the firewall protection by adding this line to your wp-config.php:
    define('NFW_DISABLE_PRVESC2', true);

    Soon I’ll add an option to disable it from the “Firewall Policies” page but to leave the option to receive the email notification so that, even if the protection was disabled, it would still be possible to be informed of the issue.

    Thread Starter wsmadmin

    (@wsmadmin)

    Thank you so much for the quick response! I will share this with the developer of the Google Apps Login Plugin and see if there is a change they can make on their end.

    In the meantime, If we do add the code to our wp-config.php as you suggested, what firewall protection is that disabling? Is it only user escalation, or is it more than that? Basically, what all does NFW_DISABLE_PRVESC2 do? I don’t want to open up new vulnerabilities without understanding the consequences.

    Thanks again!

    Plugin Author nintechnet

    (@nintechnet)

    It will disable the protection that blocks attempts to modify a user capability (e.g., creating an admin or editor account, upgrading an account from subscriber to admin etc) by someone who’s not an admin.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Blocked privilege escalation attempt from plugin’ is closed to new replies.