question

anders-3 avatar image

VRM security hole

I just lost my Read-Write access to my own VRM installation. They way to do so is to invite a user that is not used to VRM with Monitoring rights. Then when the same user manage to invite you to your own VRM installation he just got invited to with Monitor-Only rights, you will end up with Monitor-only rights too...


This needs to be fixed. A user with Monitor rights should not be able to invite anyone in the first place, and certainly not remove the owners read-write access to the account.

vrm portal
2 |3000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.

1 Answer
Teun Lassche avatar image
Teun Lassche answered ·

Hi Anders, I'll send you an email.

That monitoring users can add monitoring users is by design

2 |3000 characters needed characters left characters exceeded

Up to 8 attachments (including images) can be used with a maximum of 190.8 MiB each and 286.6 MiB total.