- Change Request
- Resolution: Fixed
- Trivial
- 6.4 (plan)
- Sprint 94 (Nov 2022), Sprint 95 (Dec 2022), Sprint 96 (Jan 2023), Sprint 97 (Feb 2023)
- 4
CSRF tokens should be generated in a way that is not guessable by an attacker, so that an attacker who wants to send a request must first obtain the CSRF token to include in it. Zabbix UI uses part of the session ID as the CSRF token, and the token never changes between requests (not until the session changes).
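
The contrast described above, as an added PHP example that is not Zabbix code: a token cut from the session ID next to one derived from a random per-session secret with an HMAC over the action name. All function names, the 16-character slice and the action names are assumptions made for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not Zabbix source.

// Pattern from the ticket: the token is a slice of the session id.
// The slice position and length (last 16 chars) are assumptions.
function weak_csrf_token(string $session_id): string {
    return substr($session_id, -16);
}

// Alternative: a random per-session secret, kept server-side only.
function new_csrf_secret(): string {
    return random_bytes(32);
}

// The token is an HMAC of the action name, keyed with that secret.
function csrf_token(string $secret, string $action): string {
    return hash_hmac('sha256', $action, $secret);
}

function csrf_check(string $secret, string $action, string $submitted): bool {
    // hash_equals() compares in constant time.
    return hash_equals(csrf_token($secret, $action), $submitted);
}

// Small self-check helper so the script fails loudly if a property breaks.
function must_hold(bool $cond, string $what): void {
    if (!$cond) {
        throw new RuntimeException("failed: $what");
    }
    echo "ok: $what\n";
}

// Constructed sample values.
$session_id = bin2hex(random_bytes(16));
$secret = new_csrf_secret();

$weak = weak_csrf_token($session_id);
must_hold(strpos($session_id, $weak) !== false, 'weak token discloses part of the session id');
must_hold($weak === weak_csrf_token($session_id), 'weak token is identical on every request');

$token = csrf_token($secret, 'user.update');
must_hold(strpos($token, $weak) === false, 'HMAC token carries no session id material');
must_hold(csrf_check($secret, 'user.update', $token), 'token accepted for its own action');
must_hold(!csrf_check($secret, 'user.delete', $token), 'token rejected for another action');
must_hold(!csrf_check(new_csrf_secret(), 'user.update', $token), 'token rejected under a new secret');
```

Tokens in this sketch stay valid for as long as the secret does; replacing the secret invalidates every token derived from it.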