Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-16532

Zabbix before 4.2 allows User Enumeration

    XMLWordPrintable

Details

    • Incident report
    • Resolution: Duplicate
    • Minor
    • None
    • 4.4.0alpha1
    • API (A), Frontend (F)
    • None

    Description

      Zabbix before 4.2 allows User Enumeration. It is possible to enumerate application username based on different server responses (Login name or password is incorrect, Account is blocked for N seconds, No permissions for system access) using the requests to login.

      API Request

      POST /zabbix/api_jsonrpc.php HTTP/1.1
Host: company
Content-Type: application/json-rpc

{
"jsonrpc": "2.0",
"method": "user.login",
"params": {
"user": "Admin",
"password": "zabbix"
},
"id": 1
}

      Web Interface Request

      POST /zabbix/index.php HTTP/1.1
Host: company
Content-Type: application/x-www-form-urlencoded

name=Admin&password=password&autologin=1&enter=Sign+in

      Attachments

        Issue Links

          duplicates

          Defect (Security) - Discovered security vulnerabilities in Zabbix ZBX-5842 exploit to check for an existence of the user with specified username

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              zabbix.dev Zabbix Development Team
              itsecurityco itsecurityco
              Votes:
              2 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: