Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18894

CEncryptHelper::updateKey has fixed configid condition - cookie signature validation fails in certain installations

    XMLWordPrintable

Details

    • Team D
    • Sprint 72 (Jan 2021), Sprint 73 (Feb 2021), Sprint 74 (Mar 2021)
    • 0.125

    Description

      Steps to reproduce:

      1. You need an old installation with IDs from distributed monitoring or any configid != 1

      Result:
      CEncryptHelper::updateKey() has "dbConditionInt('configid', [1])" as condition. So the update query to the DB doesn't do anything and session_key will never be set. Resulting in a failing cookie signature validation.
      All users will be downgraded to the guest user.
      Expected:

      "dynamic" configid condition, so session_key will be set if it's empty.

      Attachments

        Issue Links

          caused by

          New Feature Request - A new feature request of the product, which has yet to be developed. ZBXNEXT-5965 Zabbix UI and API must not keep any local states like PHP sessionid

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed
          is duplicated by

          Problem report - Problem report ZBX-19108 Problems with a login and permissions in Frontend

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Closed

          Activity

            People

              rlataria Roberts Lataria (Inactive)
              thetuxkeeper Daniel Poßmann
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: