question

anders-3 avatar image
anders-3 asked

VRM security hole

I just lost my Read-Write access to my own VRM installation. They way to do so is to invite a user that is not used to VRM with Monitoring rights. Then when the same user manage to invite you to your own VRM installation he just got invited to with Monitor-Only rights, you will end up with Monitor-only rights too...


This needs to be fixed. A user with Monitor rights should not be able to invite anyone in the first place, and certainly not remove the owners read-write access to the account.

VRM
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

1 Answer
Teun Lassche avatar image
Teun Lassche answered ·

Hi Anders, I'll send you an email.

That monitoring users can add monitoring users is by design

1 comment
2 |3000
Toggle Comment visibility. Current Visibility: Viewable by all users

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

shicks3 avatar image shicks3 commented ·

Hello @Teun Lassche. I'm wondering why that would be by design? Would it be possible for you to send me email about it also? Thank you!

0 Likes 0 ·

Related Resources

Additional resources still need to be added for this topic