Pterodactyl Panel SFTP Permission Retention Vulnerability

Vulnerability

A vulnerability exists in Pterodactyl Panel versions through 1.11.11 that allows users to maintain active SFTP connections and access files even after their permissions have been revoked. This issue arises because the panel does not update SFTP permissions after the initial connection handshake. Users must have been connected to SFTP at the time their permissions were revoked for this vulnerability to be exploited.

Impact

Exploitation of this vulnerability allows a user whose permissions have been revoked to continue accessing server files over an already-open SFTP session, bypassing the panel's permission restrictions.

Reproduction

To reproduce this vulnerability, connect to a server via SFTP while using Pterodactyl Panel version 1.11.11 or below. After establishing the connection, revoke the user's SFTP file access permissions through the panel. The user will remain connected and retain access to the files until the SFTP connection is manually closed or the Wings server is restarted.

Remediation

Upgrade to Pterodactyl Panel version 1.12.0, which addresses this vulnerability by ensuring that SFTP connections are properly terminated when a user's permissions are changed.
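The flaw described above is a session-scoped authorization decision: the SFTP server copies the permission result into the session at handshake time and never consults it again, so a later revocation in the panel does not reach the live session. The Go program below is an added example written for this page, not code from Pterodactyl Panel or Wings; the PermissionStore, CachedSession and CheckedSession types are constructed stand-ins. It places the vulnerable pattern (permission cached at handshake) beside the remediated pattern (permission re-checked on every file operation, and live sessions closed when the grant is revoked), which is the behaviour the 1.12.0 fix is described as providing.

```go
package main

import (
	"errors"
	"fmt"
	"sync"
)

// ErrDenied is returned when a session touches files without a valid grant.
var ErrDenied = errors.New("sftp: file access denied")

// PermissionStore is a constructed stand-in for the panel's record of which
// user may access which server over SFTP. It also tracks live hardened
// sessions so that a revocation can terminate them.
type PermissionStore struct {
	mu       sync.RWMutex
	perms    map[string]bool              // "user@server" -> file access granted
	sessions map[string][]*CheckedSession // "user@server" -> open sessions
}

func NewPermissionStore() *PermissionStore {
	return &PermissionStore{perms: map[string]bool{}, sessions: map[string][]*CheckedSession{}}
}

func key(user, server string) string { return user + "@" + server }

// Grant records that user may access server's files over SFTP.
func (s *PermissionStore) Grant(user, server string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	s.perms[key(user, server)] = true
}

// Revoke removes the grant and marks every live hardened session opened under
// it as closed, so the next operation on those sessions is refused.
func (s *PermissionStore) Revoke(user, server string) {
	s.mu.Lock()
	defer s.mu.Unlock()
	k := key(user, server)
	delete(s.perms, k)
	for _, sess := range s.sessions[k] {
		sess.closed = true
	}
	delete(s.sessions, k)
}

// Allowed reports the current grant state; it is what a handshake consults.
func (s *PermissionStore) Allowed(user, server string) bool {
	s.mu.RLock()
	defer s.mu.RUnlock()
	return s.perms[key(user, server)]
}

// CachedSession models the vulnerable behaviour: the permission decision is
// copied into the session at handshake and never consulted again, so a later
// revocation in the store has no effect on this session.
type CachedSession struct{ allowed bool }

func OpenCachedSession(s *PermissionStore, user, server string) (*CachedSession, error) {
	if !s.Allowed(user, server) {
		return nil, ErrDenied
	}
	return &CachedSession{allowed: true}, nil
}

func (c *CachedSession) ReadFile(name string) error {
	if !c.allowed {
		return ErrDenied
	}
	return nil // file contents would be served here
}

// CheckedSession models the remediated behaviour: the session holds only its
// identity, asks the store on every operation, and is flagged closed when the
// store revokes its grant.
type CheckedSession struct {
	store        *PermissionStore
	user, server string
	closed       bool
}

func OpenCheckedSession(s *PermissionStore, user, server string) (*CheckedSession, error) {
	if !s.Allowed(user, server) {
		return nil, ErrDenied
	}
	sess := &CheckedSession{store: s, user: user, server: server}
	s.mu.Lock()
	s.sessions[key(user, server)] = append(s.sessions[key(user, server)], sess)
	s.mu.Unlock()
	return sess, nil
}

// ReadFile re-evaluates authorization under the store's read lock on every
// call instead of trusting the handshake-time decision.
func (c *CheckedSession) ReadFile(name string) error {
	c.store.mu.RLock()
	defer c.store.mu.RUnlock()
	if c.closed || !c.store.perms[key(c.user, c.server)] {
		return ErrDenied
	}
	return nil
}

func main() {
	store := NewPermissionStore()
	store.Grant("alice", "server-1") // constructed sample user and server
	cached, _ := OpenCachedSession(store, "alice", "server-1")
	checked, _ := OpenCheckedSession(store, "alice", "server-1")
	store.Revoke("alice", "server-1")
	fmt.Println("cached session after revoke :", cached.ReadFile("config.yml"))  // <nil>: still allowed
	fmt.Println("checked session after revoke:", checked.ReadFile("config.yml")) // denied
}
```

The point of the hardened design is that revocation has two effects, not one: the grant disappears from the store, and the store reaches out to sessions that were authorized under it. Checking only at the next operation would leave an idle session technically open, which is why the registry of live sessions is kept alongside the permission map.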

Added: Jan 6, 2026, 1:20 AM
Updated: Jan 6, 2026, 1:20 AM

Vulnerability Rating

Custom Algorithm

spread: 5.2
impact: 2.5
exploitability: 5.6
remediation: 7.7
relevance: 1.9
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.