Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18894

CEncryptHelper::updateKey has fixed configid condition - cookie signature validation fails in certain installations

    XMLWordPrintable

    Details

    • Team:
      Team D
    • Sprint:
      Sprint 72 (Jan 2021), Sprint 73 (Feb 2021), Sprint 74 (Mar 2021)
    • Story Points:
      0.125

      Description

      Steps to reproduce:

      1. You need an old installation with IDs from distributed monitoring or any configid != 1

      Result:
      CEncryptHelper::updateKey() has "dbConditionInt('configid', [1])" as condition. So the update query to the DB doesn't do anything and session_key will never be set. Resulting in a failing cookie signature validation.
      All users will be downgraded to the guest user.
      Expected:

      "dynamic" configid condition, so session_key will be set if it's empty.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              rlataria Roberts Lataria
              Reporter:
              thetuxkeeper Daniel PoƟmann
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: