## Summary:
During security testing of the email change functionality on the Telerik website, it was discovered that the application can be vulnerable to an account takeover attack. The vulnerability allows an attacker to change the email address associated with an account to their own email address, effectively taking over the victim's account.
## Vulnerability Details:
- **Functionality Description:**
- The Telerik website provides a functionality for users to request a change in their email address.
- This functionality consists of two sections: current email and new email.
- The current email is not accessible from the user interface, while the new email can be inputted by the user.
- After inputting the new email and clicking the "Change Email" button, the user's request is processed.
- **Attack Scenario:**
1. **Attacker Inputs Their Email:** The attacker inputs their own email address in the new email section.
2. **Intercepting the Request:** Using interception tools, the attacker intercepts the request before it is sent to the server.
3. **Modifying the Request:** The attacker modifies the request to replace their own email address with the victim's email address in the current email section.
4. **Consent Form Manipulation:** Additionally, the attacker can manipulate the consent form associated with the email change request to gain access to the victim's account without their consent.
5. **Changing the Email Address:** The modified request is forwarded to the server, resulting in the victim's email address being changed to the attacker's email address.
## Impact:
- **Account Takeover:** The vulnerability allows an attacker to take over the victim's account by changing the email address associated with it.
- **Data Access:** Once the attacker gains access to the victim's account, they may have unauthorized access to sensitive data and functionalities associated with the account.
## Mitigation Recommendations:
- **Input Validation:** Implement strict input validation to ensure that only legitimate email addresses are accepted in the new email section.
- **Consent Verification:** Require additional verification steps, such as email confirmation or user authentication, before processing email change requests.
- **Session Management:** Implement session management mechanisms to detect and prevent unauthorized access to account settings and functionalities.
- **Security Awareness:** Educate users about the risks of phishing attacks and social engineering tactics used by attackers to gain unauthorized access to accounts.
## Affected URL:
- Email Change Functionality: [https://www.telerik.com/account/support-center/email-change](https://www.telerik.com/account/support-center/email-change)
## Conclusion:
The discovered vulnerability poses a significant security risk to Telerik website users by allowing attackers to take over accounts through manipulation of the email change functionality. It is imperative for the development team to address this vulnerability promptly by implementing appropriate security controls and mitigations to safeguard user accounts from unauthorized access.
**Best Regards,**
Sagar Dhoot
PerformClick method of RadButtonElement is sending next error:
System.InvalidCastException: 'Unable to cast object of type 'System.EventArgs' to type 'System.Windows.Forms.MouseEventArgs'.
Find my code below:
private void btnAddField_Click(object sender, EventArgs e)
{
RadDiagramShape sourceShape = new RadDiagramShape()
{
Text = "source",
Shape = new RoundRectShape(5),
BackColor = Color.Red
};
sourceShape.Position = new Telerik.Windows.Diagrams.Core.Point(150, 100);
radDiagram.AddShape(sourceShape);
sourceShape.IsSelected = true;
RadButtonElement additionalContent = Telerik.WinControls.UI.Diagrams.Primitives.ItemInformationAdorner.GetAdditionalContent(
this.radDiagram.DiagramElement.ItemInformationAdorner) as RadButtonElement;
additionalContent.PerformClick();
}
What I want is to display the SettingsPane automatically when adding a RadDiagramShape item in a RadDiagram
Regards
Hi- When I add a Rad context menu to a RadToolbarForm, the toolbar vanishes from the designer after a build. This is new behavior because I have other context menus that I had previously added to the form. If I drag a RadContextMenu from the toolkit, or I copy/paste an existing context menu, the toolbar disappears after a build. I am running the latest release (2024.1.130) and toolkit config (although this also happens when running the previous Telerik release)
I tried closing the designer before the build and the toolbar still disappears. Doing a Clean before build has no effect. This form is inherited from a simple RadToolbar form (no controls except the toolbar). The toolbar is still listed in the list of controls for the form
Ha! Just found out what's happening. It's deleting the toolbar configuration code from the designer code. Everything below is gone. If I add it back in, then do anything with the new context menu, like rename it, it gets removed again
// RadToolbarFormControl1
//
RadToolbarFormControl1.AutoSize = false;
RadToolbarFormControl1.CenterItems.AddRange(new Telerik.WinControls.RadItem[] { RadLabelElement1, RadButtonElement_Task_New, RadButtonElement_Task_Edit, RadButtonElement_Task_Delete, RadCheckBoxElement_ShowCompleted });
RadToolbarFormControl1.CenterItemsVerticalAlignment = Telerik.WinControls.UI.RadVerticalAlignment.Bottom;
RadToolbarFormControl1.FarItems.AddRange(new Telerik.WinControls.RadItem[] { RadLabelElement_WorkHours, RadLabelElement_Work_StartDate, RadLabelElement_Work_EndDate, RadButtonElement_SelectDates, RadButtonElement_Invoices, RadButtonElement_Summary });
RadToolbarFormControl1.NearItems.AddRange(new Telerik.WinControls.RadItem[] { RadLabelElement2, RadLabelElement_Projects, RadButtonElement_New, RadButtonElement_Edit, RadButtonElement_Delete, RadButtonElement_Refresh });
RadToolbarFormControl1.ShowText = false;
RadToolbarFormControl1.Size = new Size(1804, 52);
Here's my dev environment:
Microsoft Visual Studio Community 2022Version 17.8.7
VisualStudio.17.Release/17.8.7+34601.278
Microsoft .NET Framework
Version 4.8.09037
Installed Version: Community
ActiveReports 16 16.3.1.0
The first report writer for Microsoft .NET
ASP.NET and Web Tools 17.8.358.6298
ASP.NET and Web Tools
Azure App Service Tools v3.0.0 17.8.358.6298
Azure App Service Tools v3.0.0
C# Tools 4.8.0-7.23572.1+7b75981cf3bd520b86ec4ed00ec156c8bc48e4eb
C# components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.
Code Converter 1.0
Code Converter Extension Details
Common Azure Tools 1.10
Provides common services for use by Azure Mobile Services and Microsoft Azure Tools.
Microsoft JVM Debugger 1.0
Provides support for connecting the Visual Studio debugger to JDWP compatible Java Virtual Machines
NuGet Package Manager 6.8.1
NuGet Package Manager in Visual Studio. For more information about NuGet, visit https://docs.nuget.org/
Progress Telerik UI for WinForms Extension 2023.3.1110.93
ProgressĀ® TelerikĀ® UI for WinForms Extension
TypeScript Tools 17.0.20920.2001
TypeScript Tools for Microsoft Visual Studio
Visual Basic Tools 4.8.0-7.23572.1+7b75981cf3bd520b86ec4ed00ec156c8bc48e4eb
Visual Basic components used in the IDE. Depending on your project type and settings, a different version of the compiler may be used.
Visual F# Tools 17.8.0-beta.23475.2+10f956e631a1efc0f7f5e49c626c494cd32b1f50
Microsoft Visual F# Tools
Visual Studio IntelliCode 2.2
AI-assisted development for Visual Studio.
I can't provide a project or even code snippets that would make sense out of context because the code base is too complex for an easy replication to be setup.
We are trying various things like calling Refresh, Update.
Hoping this is something you've encountered before and have some suggestions.
I just upgraded to the latest version of Telerik products and facing the issues described below.
When dragging and drop Telerik UI objects from the toolbar on a form, the dialog box below is displayed with question but there is no button to click to answer the question and I don't where to stop it.
See screenshot attached.
Hi All,
Note:- I am using Bound RadTreeview. Bound with DataSource.
1 Take RadTreeview
2 Add Few nodes Like:
......Node A
......Node B
......Node C
............Node D
............Node E
3 Now Drag Node B and Drop it in Node C (As Node C's Child)
4 It throw Exception Error Msg "Collection was modified; enumeration operation may not execute."
5 Now Try to Drag Node E and Drop it in Node B, again same error occurs
6 Full error screen i attached here.
Please reply as soon as possible.
Hello Guys,
Good Evening , As per your suggestions i make my custom treeview node with LiteVisualElements .
In That Node i have taken one StackLayoutElement and RoundRectShape assigned to it but still panel shows corners instead of round edges,
i tried with different properties and styles but not get succeed , so please help me out.
here i have attached image of my node and "stackLayoutElement" code too.
spnlControls = new StackLayoutElement();spnlControls.Orientation = Orientation.Horizontal;
spnlControls.NotifyParentOnMouseInput = true;
spnlControls.DrawFill = true;
spnlControls.DrawBorder = true;
spnlControls.Shape = new RoundRectShape(4);
spnlControls.BackColor = Color.Transparent;
spnlControls.BackColor2 = Color.Transparent;
spnlControls.BackColor3 = Color.Transparent;
spnlControls.BackColor4 = Color.Transparent;
spnlControls.BorderGradientStyle = GradientStyles.Solid;
Zooming in will throw an Exception that crashes the program.
The ZoomLevel needed to cause the exception is dependent on the area of the RadMap selected.
Provider: BingRestMapProvider
ImagerySet AerialWithLabelsOnDemand
Zooming in over Antarctica, Exception thrown zooming in at MapElement.ZoomLevel 14.
Zooming in over Australia, Exception thrown zooming in at MapElement.ZoomLevel 21.
Hi there,
We have recently found a bug on both the RadDocument and Rad Rich Text Editor. Created a RTF document via the RadRichText Editor. The RTF document contains a table. When the document is saved and loaded from the same form, it is displaying correctly, however when loaded from a different form, it seems to have shrunk and lost the column width, thus having long and skinny columns.
We have set the fixed column width on the table, however this did not seem to solve the issue.
I have attached two screenshots for reference. One with the correct looking table, and one with the long and skinny columns.
Is there a workaround, or is this a known bug?
Correct table:
Long and skinny columns:
Currently on Telerik Winforms version 2018.3.1016.40
Kind regards,
Paul
I have a form which contains TreeView control. I need to convert it to RadTreeView. So I replaced TreeView control with RadTreeView and TreeNode with RadTreeNode in the code. I found that the events in both are different, so tried to replace the events with similar events in RadTree.
Following are the events that I have replaced in my code :
1.
Private Sub TreeView1_AfterExpand(ByVal sender As Object, ByVal e As System.Windows.Forms.TreeViewEventArgs) Handles tvMain.AfterExpand
Replaced by -
Private Sub TreeView1_AfterExpand(ByVal sender As Object, ByVal e As Telerik.WinControls.UI.RadTreeViewEventArgs) Handles tvMain.NodeExpandedChanged
2.
Private Sub TreeView1_AfterCollapse(ByVal sender As Object, ByVal e As System.Windows.Forms.TreeViewEventArgs) Handles tvMain.AfterCollapse
Replaced by -
Private Sub TreeView1_AfterCollapse(ByVal sender As Object, ByVal e As Telerik.WinControls.UI.RadTreeViewEventArgs) Handles tvMain.NodeExpandedChanged
and included Expanded flag to check if it is expand or collapse.
Here, I noticed unwanted firing of this replaced event when compared to the old event, but I handled it using the Expanded flag.
3.
Private Sub tvMain_AfterSelect(ByVal sender As System.Object, ByVal e As System.Windows.Forms.TreeViewEventArgs) Handles tvMain.AfterSelect
Replaced by -
Private Sub tvMain_AfterSelect(ByVal sender As System.Object, ByVal e As Telerik.WinControls.UI.RadTreeViewEventArgs) Handles tvMain.SelectedNodesChanged
This event gets fired twice while clicking on a node.
My main issues are,
- During the initial load of the form, the tree gets populated and at that time the select event (mentioned in point 3) fires automatically in my old project in which TreeView is used. But in the new project, during the load of the form the replaced event is not fired.
- Similarly, when I clicks a node , the replaced select event fires twice. After that I have a button in the same form which works like, when we click on a node and then click on the add button it will add a new node to the tree under the selected node. Now the functionality of the button doesnt work because, within the click function of add button, treeView1.selectedNode is 'Nothing'. Eventhough the select event is fired on clicking the node, the selectednode is 'Nothing' inside the click function of add button.
1. Select the ColorBox's ellipses to open the Color Dialog
2. Select the Web tab
3. Select Any colour in this Page
4. Select Transparent
Colour will update
5. Select the Professional tab
6. Select any colour
Colour won't update
7. Select any colour
Colour won't update
8. Select OK on Dialog
Colour will be transparent
Values will be same as selected in step 7
Hi Dinko and Team,
As I mentioned in the previous forum, We need fix for Raddropdownlist.SelectedIndex.
When we set SelectedIndex=5 or some value in selectedIndexchangedEvent then the recursive call is happening for SelectedIndex. So we need to restrict the recursive call for both Raddropdownlist.DataSource as well as Raddropdownlist.SelectedIdex.
private void radDropDownList1_SelectedIndexChanged(object sender, Telerik.WinControls.UI.Data.PositionChangedEventArgs e)
{
fillIndustryProcess1(); // radDropDownList1.DataSource = dt; when we set Datasource the recursive call is occurring
radDropDownList1.SelectedIdex = 5; // radDropDownList1.SelectedIdex= 5; when we set Datasource the recursive call is occurring
}
public void fillIndustryProcess1(){
try
{
System.Data.DataTable dt = new System.Data.DataTable();
if (dt.Columns.Count > 0)
{
dt.Columns.Add("Industry", typeof(string));
dt.Columns.Add("ID", typeof(int));
dt.Rows.Add("BGL-0", 0);
dt.Rows.Add("BGL-1", 1);
dt.Rows.Add("BGL-2", 2);
dt.Rows.Add("BGL-3", 3);
dt.Rows.Add("BGL-4", 4);
radDropDownList1.DisplayMember = "Industry";
radDropDownList1.ValueMember = "ID";
}
radDropDownList1.DataSource = dt;// Recursive call occurs
radDropDownList1.SelectedIndex = 0;/ Recursive call occurs
}
catch (System.ComponentModel.Win32Exception ex)
{
throw ex;
}
}
Old Forums in which , Telerik team fixed the RadDropDownList .SelectedValue.
Previous forums in which , Telerik team yet to fix for RadDropDownList.Datasource.
Thanks,
Maheswari
Hello support,
here is what happend:
I created a RadFrom with controlls on it.
Then i add it to my RadDock like this:
private void Add_RadForm_asDocument_ToRadDock(RadDock rd, HostWindow hw, object radform, string title)
{
bool found = false;
foreach (var item in radDock_main_notr.DockWindows)
{
if (item.GetType() == typeof(HostWindow))
{
if (((HostWindow)item).Name == radform.GetType().Name + "1")
{
found = true;
hw = (HostWindow)item;
}
}
}
if (found == false && radform != null)
{
if (hw == null || hw.Text == "")
{
hw = rd.DockControl((System.Windows.Forms.Control)radform, DockPosition.Fill, DockType.Document);
}
}
hw.Text = title;
hw.CloseAction = DockWindowCloseAction.Close;
hw.ToolCaptionButtons = ToolStripCaptionButtons.None;
hw.Select();
}The RadFrom is added to the RadDock:
Settings is the new RadFrom thats now docked.
But when i try to use the RadDropDownList then its "stucks" (also the other GUI controls):
The changed selection of the RadDropDownList will not change.
When i close the RadForm via the "x" and eropen it again it works.
Dear Telerik Team!
Even though your components are one of my favourite 3rd party tools that I use in software development for years now; I have to rise a bug ticket for component called "TelerikMultiSelect". The problem is that when the autocomplete box's data source is updated for the first time using a timer's event the autocomplete box remains empty and I have to click outside and the inside of the input again.
Please consider investigating and fixing this issue.
Kind Regards,
BalƔzs Koncz
When setting the theme to a "touch/material" theme the padding & RadRibbonBar size increases.
When switching to a theme that isn't this type the spacing remains.
Non "touch/material" theme originally
Switch to "touch/material" theme
Switching back to a non "touch/material" theme
When testing this in the Telerik Theme Viewer when switching from a "touch/material" theme to a non "touch/material" type a message box instructing application restart is required is returned.
I have made an override for class GridViewDataRowInfo (called GridViewDataRowInfoPlus)
Every time a new row is created by RadGridView, I expect OnCreateRowInfo to be called, so I can return my own instance of GridViewDataRowInfoPlus.
This goes well until a user enters new data in a new row and when this row is added the grid, OnCreateRowInfo is not being called and an instance of GridViewDataRowInfo is added to the grid.
For me that is unexpected and undesirable. Maybe I am doing it wrong. In that case: What is the correct way to intercept the row-creation-process and return instances of my own type?
Repro steps:
- Make a datatable with a string-column with a max. length of 10 characters.
- Add a row with a string of max. 10 characters.
- Bind it to a RadGridView
- Add an event-handler to DataError which will cancel the action if a data error occurs.
- In the UI, enter data into the cell. Make it longer than 10 characters.
Expected behavior:
- The same behavior as CellValidating.
- De user stays inside the editor so it can modify the text.
Observed behavior:
- The editor is closed, the new text is not displayed.
Report steps:
- Make a datatable with a string-column with a max. length of 10 characters.
- Will the datatable with some data.
- Bind it to a RadGridView
- In Excel (or another applicatie) create a now table with some strings, this time longer that 10 characters.
- Paste this data from Excel to the RadGridView
Expected behavior:
- The strings that are to long will either cause an exception or they are truncated.
Observed behavior:
- The string with the value that is to long is skipped during pasting.
Extra detail:
In the method MasterGridViewTemplate.PasteDataToRow the next piece is code is located:
if (CurrentView.ViewTemplate.Columns[columnIndex].DataType == typeof(string))
{
if (column is GridViewTextBoxColumn viewTextBoxColumn && viewTextBoxColumn.MaxLength > 0 && rowData[rowIndex].Length > viewTextBoxColumn.MaxLength)
obj = rowData[rowIndex].Substring(0, viewTextBoxColumn.MaxLength);
}
When I create a new form-class, which derives from RadFrom, and I override the method OnLoad, then OnLoad is called during construction. This should never happen!
As Microsoft states: "The OnLoad method also allows derived classes to handle the event without attaching a delegate. This is the preferred technique for handling the event in a derived class."
See: https://docs.microsoft.com/en-us/dotnet/api/system.windows.forms.form.onload?view=windowsdesktop-6.0
The OnLoad method can be used to load controls with data. But these controls are not even initialized, because the method InitializeComponent has not been called yet.