
[Security] Unauthenticated configuration patching via Management Agent #6139

@RinZ27

Description


Management Agent connections via WebSocket currently lack any form of authentication or encryption, potentially allowing unauthorized configuration changes. The client in lib/management/agentClient.js connects using insecure ws:// and processes NEW_OVERLAY messages by immediately applying them via patchConfiguration. Since no handshake or token validation exists, any entity capable of reaching the management port can push a malicious overlay to the server. This vulnerability, which I identified during a code audit, could lead to a full system compromise if the management interface is exposed.

Steps to reproduce the issue

  1. Observe the WebSocket initialization in lib/management/agentClient.js.
  2. Note the absence of authentication headers or a secure handshake protocol.
  3. Review the on('message') handler where NEW_OVERLAY payloads are processed without validation.

Actual result

The system blindly trusts any message received on the management WebSocket.

Expected result

Connections should be secured using mTLS or at least a strong pre-shared token. Communication must also be upgraded to wss:// to prevent interception.

Additional information

  • Affected file: lib/management/agentClient.js
  • Severity: Critical (Access Control)
