
    • Sprint 94 (Nov 2022), Sprint 95 (Dec 2022), Sprint 96 (Jan 2023), Sprint 97 (Feb 2023)
    • 4

      CSRF tokens should be generated in a way that is not guessable by the attacker, so if an attacker wants to send a request, he should first get the CSRF token to include it in the request. Zabbix UI uses part of a session ID as a CSRF token, and it is never changed between requests (not until the session is changed).
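The pattern described above, set beside a token derived from an independent per-session secret, as an added PHP example that is not Zabbix code. The function names, the slice offset and length, and the action names are assumptions made for illustration.

```php
<?php
// Added illustration, not Zabbix source. All names below are hypothetical.

// Pattern described in the issue: the token is a slice of the session ID, so it
// is a pure function of the session cookie and stays fixed for the whole session.
// The offset and length are assumptions; the issue only says "part of a session id".
function weakCsrfToken(string $sessionId): string {
    return substr($sessionId, 16, 16);
}

// Hardened: a random per-session secret, stored server-side with the session and
// generated independently of the session ID.
function newCsrfSecret(): string {
    return bin2hex(random_bytes(32));
}

// The token is an HMAC over the action name, so a token issued for one form
// cannot be replayed against a different action.
function csrfToken(string $secret, string $action): string {
    return hash_hmac('sha256', $action, $secret);
}

// Constant-time comparison avoids leaking how many leading characters matched.
function checkCsrfToken(string $secret, string $action, string $presented): bool {
    return hash_equals(csrfToken($secret, $action), $presented);
}

// Constructed sample values.
$sessionId = bin2hex(random_bytes(16));   // stand-in for a 32-character session ID
$secret    = newCsrfSecret();

// Is the weak token literally contained in the session ID?
$weak = weakCsrfToken($sessionId);
var_dump(strpos($sessionId, $weak) !== false);

// Token checked against the action it was issued for.
$token = csrfToken($secret, 'user.update');
var_dump(checkCsrfToken($secret, 'user.update', $token));

// Same token presented for a different action.
var_dump(checkCsrfToken($secret, 'host.delete', $token));

// Session-ID slice presented as if it were a valid token.
var_dump(checkCsrfToken($secret, 'user.update', $weak));

// Same token after the secret has been rotated (for example on session change).
var_dump(checkCsrfToken(newCsrfSecret(), 'user.update', $token));
```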


            gcalenko Gregory Chalenko
            vjaceslavs Vjaceslavs Bogdanovs
            Team C
