[ZBX-15146] Information disclosure vulnerability when using a ipv6 address to login - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Problem report
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 4.0.1
Fix Version/s: 3.0.25rc1, 4.0.3rc1, 4.2.0alpha2, 4.2 (plan)
Component/s: API (A)
Labels:
- frontend

Team:
Team B
Sprint:
Sprint 46, Nov 2018, Sprint 47, Dec 2018
Story Points:
0.5

Description

Steps to reproduce:

Use an ipv6 internet connection
Navigate to login screen
Use a valid username with a wrong password
Click "Sign in"

Result:
See screenshot...

This in fact an information disclosure vulnerability, since you can search for existing user accounts that way. I asked for an alternative way to submit this issue, but didn't get an answer for about two weeks.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

screenshot.png
12 kB
2018 Nov 08 19:44

Activity

People

Assignee:: Miks Kronkalns

Reporter:: Adrian Kirchner

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 2018 Nov 08 19:44

Updated:: 2018 Dec 14 10:06

Resolved:: 2018 Dec 13 17:08