ZABBIX BUGS AND ISSUES / ZBX-16145

Qualyscan: Potential Urgent Vulnerability ID 150052 Password is present in HTTP traffic unrelated to the login page (4)


    • Problem report
    • Resolution: Cannot Reproduce
    • Major
    • None
    • 3.0.26
    • Frontend (F)
    • None

      A security concern has been found during scanning. Hope someone can provide a solution for this. The description is as below:

      Potential Vulnerabilities:

      Urgent Presence of this vulnerability might enable intruders to compromise the web application's data store,
      obtain information from other users' accounts, or obtain command execution on a host in the web
      application's architecture. For example in this scenario, the web application users can potentially be
      targeted if the application is exploited.

      application, which should never expose a user's authentication credentials.
      Impact
      The web application exposes a user's password outside of the login process. A user's password should never be reused, reflected, or otherwise present in web
      traffic except during the authentication process.
      Solution
      The password should only be transferred during an authentication process. It should be stored by the web application in a hashed format using a strong hashing
      algorithm that includes a salt or a mechanism like PBKDF2. A strong pseudo-random token should be used in place of the password or its hash if the value must
      be transferred during a transaction other than authentication. All traffic that involves an authenticated user should use HTTPS or HTTP Strict Transport Security
      (HSTS).
      Detection Information
      Parameter No param has been required for detecting the information.
      Authentication In order to detect this vulnerability, no authentication has been required.
      Access Path Here is the path followed by the scanner to reach the exploitable URL:
      https://10.76.62.72:8443/zabbix/
      https://10.76.62.72:8443/zabbix/zabbix.php?action=dashboard.view
      https://10.76.62.72:8443/zabbix/search.php
      Payloads
      #1 Request
      Payload Password is plaintext
      Request GET https://10.76.62.72:8443/zabbix/search.php?sid=5a7ef109c3904d2b&form_refresh=1&search=1
      #1 Referer: https://10.76.62.72:8443/zabbix/
      #2 Cookie: zbx_sessionid=67863bdbc6e604de5a7ef109c3904d2b; PHPSESSID=l456g9p4tc3b8a79ko3nnohbe3;
      Click this link to try to reproduce the vulnerability using above payload. Note that clicking this link may not lead to visible results, either because the vulnerability
      requires context to be previously set (authentication, cookies...) or because the exploitation of the vulnerability does not lead to any visible proof.
      #1 Response
      comment: Matched link.
      ://10.76.62.72:8443/******/search.php?sid=5a7ef109c3904d2b&form_refresh=1&search=1
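
Added triage example, not part of the original report and not Zabbix or Qualys code: in the "Matched link" above the scanner masks the `/zabbix/` path segment as `/******/`, so the string it treats as the password appears to coincide with the install path. Assuming that is the case (the report does not state the scan credential), the sketch below locates a secret inside a URL and separates hits in fixed deployment parts from hits in request data; the function names, the `FIXED` set and the second URL are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

def locate_secret(url, secret):
    """List (location, value) pairs for each URL component containing `secret`."""
    if not secret:
        raise ValueError("empty secret would match everything")
    parts = urlsplit(url)
    hits = []
    if secret in (parts.hostname or ""):
        hits.append(("host", parts.hostname))
    segments = [unquote(s) for s in parts.path.split("/") if s]
    for i, seg in enumerate(segments):
        if secret in seg:
            hits.append((f"path[{i}]", seg))
    # parse_qsl percent-decodes names and values before comparison
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if secret in name:
            hits.append((f"query-name:{name}", name))
        if secret in value:
            hits.append((f"query-value:{name}", value))
    if secret in unquote(parts.fragment):
        hits.append(("fragment", unquote(parts.fragment)))
    return hits

def triage(url, secret, fixed_segments):
    """Classify a scanner match.

    'structural-only' : secret only coincides with the host or with path
                        segments that are fixed parts of the deployment
    'in-request-data' : secret occurs in a parameter, fragment or other path part
    'no-match'        : secret does not occur in the URL
    """
    hits = locate_secret(url, secret)
    if not hits:
        return "no-match"
    for location, value in hits:
        fixed_path = location.startswith("path[") and value in fixed_segments
        if location != "host" and not fixed_path:
            return "in-request-data"
    return "structural-only"

# URL taken from the scanner's "Matched link" in the report above.
MATCHED = ("https://10.76.62.72:8443/zabbix/search.php"
           "?sid=5a7ef109c3904d2b&form_refresh=1&search=1")
# Constructed counter-example: the same string carried as a parameter value.
CONSTRUCTED = "https://10.76.62.72:8443/zabbix/search.php?password=zabbix"
ASSUMED_SECRET = "zabbix"   # assumption: equals the masked path segment
FIXED = {"zabbix"}          # install path of this deployment

if __name__ == "__main__":
    print(triage(MATCHED, ASSUMED_SECRET, FIXED))
    print(triage(CONSTRUCTED, ASSUMED_SECRET, FIXED))
```

A `structural-only` result means the match needs no fix in the application, though a scan credential that equals a public path segment is itself worth changing.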

            vjaceslavs Vjaceslavs Bogdanovs
            yunongl Adrian LIN