This website requires JavaScript.
Explore
Help
Register
Sign In
azcomputerguru
/
guru-connect
Watch
1
Star
0
Fork
0
You've already forked guru-connect
Code
Issues
18
Pull Requests
Actions
Packages
Projects
Releases
2
Wiki
Activity
Labels
Milestones
New Issue
8 Open
0 Closed
Label
Show archived labels
Use
alt
+
click/enter
to exclude labels
All labels
No label
component:agent
component:dashboard
component:server
security
severity:critical
severity:high
Milestone
All milestones
No milestones
Project
All projects
No project
Author
All users
Assignee
Assigned to nobody
Assigned to anybody
azcomputerguru
Sort
Newest
Oldest
Most recently updated
Least recently updated
Most commented
Least commented
Nearest due date
Farthest due date
Label
8 Open
0 Closed
Close
Label
Clear labels
component:agent
component:dashboard
component:server
security
severity:critical
severity:high
Milestone
No milestone
Projects
Clear projects
Assignee
Clear assignees
No assignee
azcomputerguru
[H8] cak_ store ACL set via bare icacls (PATH search) from SYSTEM -> LPE; silent weaker store on failure
component:agent
security
severity:high
#22
opened
2026-06-05 17:35:59 -07:00
by
azcomputerguru
[H7] Attended-consent MessageBoxW awaited inside agent main loop -> up to ~60s of no heartbeats/stop processing
component:agent
security
severity:high
#21
opened
2026-06-05 17:35:54 -07:00
by
azcomputerguru
[H6] Dashboard JWT in sessionStorage, blindly attached as Bearer, no exp/refresh/idle-timeout
component:dashboard
security
severity:high
#20
opened
2026-06-05 17:35:49 -07:00
by
azcomputerguru
[H5] Server does not block self-role-demotion (only self-delete); lockout guard is client-only
component:dashboard
component:server
security
severity:high
#19
opened
2026-06-05 17:35:45 -07:00
by
azcomputerguru
[H4] token_blacklist cleanup_expired re-verifies every JWT signature; stores whole tokens in RAM
component:server
security
severity:high
#18
opened
2026-06-05 17:35:38 -07:00
by
azcomputerguru
[H3] revoke_user_tokens is a 501 stub whose comment claims partial behavior
component:server
security
severity:high
#17
opened
2026-06-05 17:35:33 -07:00
by
azcomputerguru
[H2] Bootstrap admin plaintext password written to .admin-credentials + info! log fallback
component:server
security
severity:high
#16
opened
2026-06-05 17:35:28 -07:00
by
azcomputerguru
[H1] No rate-limit/lockout on the login path
component:server
security
severity:high
#15
opened
2026-06-05 17:35:23 -07:00
by
azcomputerguru