Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15146

Information disclosure vulnerability when using a ipv6 address to login

    Details

    • Team:
      Team B
    • Sprint:
      Sprint 46, Nov 2018, Sprint 47, Dec 2018
    • Story Points:
      0.5

      Description

      Steps to reproduce:

      1. Use an ipv6 internet connection
      2. Navigate to login screen
      3. Use a valid username with a wrong password
      4. Click "Sign in"

      Result:
      See screenshot...

      This in fact an information disclosure vulnerability, since you can search for existing user accounts that way. I asked for an alternative way to submit this issue, but didn't get an answer for about two weeks.

        Attachments

          Activity

            People

            • Assignee:
              Miks.Kronkalns Miks Kronkalns
              Reporter:
              akirchner Adrian Kirchner
            • Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: