mirror of
https://github.com/zvx-echo6/refactored-recon.git
synced 2026-05-20 14:44:39 +02:00
Add CT 101 Caddy security audit findings
CRITICAL: RECON backends (8420, 8440) accept direct LAN/Tailscale connections and trust X-Authentik-Username header unconditionally.

Verified exploitation: contacts read, API keys added via spoofed header.

Root cause: No firewall on RECON VM, services bind 0.0.0.0.

Caddy forward_auth is NOT bypassed - direct backend access is the vector.

P0 remediation: Firewall RECON to accept only from CT 101.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
parent
95fdac5ce3
commit
5afbbdcf4a
1 changed files with 478 additions and 758 deletions
File diff suppressed because it is too large
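
The finding in the commit message comes down to a backend that trusts `X-Authentik-Username` from any peer. As an added example (not code from this repository or its commit), the WSGI middleware below honours that header only when the socket peer is the reverse proxy and fails closed otherwise, as an application-level complement to the firewall remediation. Assumptions: `10.0.0.101` is a constructed placeholder for CT 101's address, and `peer_is_trusted`, `decide`, `ProxyIdentityGuard` and the `recon.user` key are hypothetical names.

```python
import ipaddress

# Assumption: network(s) the reverse proxy (CT 101) connects from.
# 10.0.0.101 is a constructed placeholder, not a value from the commit.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.101/32")]
IDENTITY_HEADER = "HTTP_X_AUTHENTIK_USERNAME"  # WSGI key for X-Authentik-Username


def peer_is_trusted(remote_addr, trusted=TRUSTED_PROXIES):
    """True only if the socket peer address belongs to a trusted proxy network."""
    try:
        peer = ipaddress.ip_address(remote_addr)
    except ValueError:
        return False  # missing or malformed address: fail closed
    return any(peer in net for net in trusted)


def decide(environ, trusted=TRUSTED_PROXIES):
    """Return (allowed, user_or_reason) for one WSGI request environ."""
    user = environ.get(IDENTITY_HEADER, "").strip()
    if not peer_is_trusted(environ.get("REMOTE_ADDR", ""), trusted):
        reason = "spoofed identity header" if user else "direct backend access"
        return False, reason
    if not user:
        return False, "proxy sent no identity"
    return True, user


class ProxyIdentityGuard:
    """WSGI middleware: accept the identity header only from the proxy."""

    def __init__(self, app, trusted=TRUSTED_PROXIES):
        self.app, self.trusted = app, trusted

    def __call__(self, environ, start_response):
        allowed, detail = decide(environ, self.trusted)
        if not allowed:
            # Fail closed; 'detail' is what a log line or alert would record.
            start_response("403 Forbidden", [("Content-Type", "text/plain")])
            return [detail.encode() + b"\n"]
        environ["recon.user"] = detail  # hypothetical key for downstream handlers
        return self.app(environ, start_response)
```

`REMOTE_ADDR` must be the real socket peer as set by the WSGI server; a value derived from `X-Forwarded-For` would be as spoofable as the identity header itself.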