Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-15146

Information disclosure vulnerability when using a ipv6 address to login

    XMLWordPrintable

    Details

    • Team:
      Team B
    • Sprint:
      Sprint 46, Nov 2018, Sprint 47, Dec 2018
    • Story Points:
      0.5

      Description

      Steps to reproduce:

      1. Use an ipv6 internet connection
      2. Navigate to login screen
      3. Use a valid username with a wrong password
      4. Click "Sign in"

      Result:
      See screenshot...

      This in fact an information disclosure vulnerability, since you can search for existing user accounts that way. I asked for an alternative way to submit this issue, but didn't get an answer for about two weeks.

        Attachments

          Activity

            People

            Assignee:
            Miks.Kronkalns Miks Kronkalns
            Reporter:
            akirchner Adrian Kirchner
            Votes:
            0 Vote for this issue
            Watchers:
            9 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: