Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-18894

CEncryptHelper::updateKey has fixed configid condition - cookie signature validation fails in certain installations

XMLWordPrintable

    • Sprint 72 (Jan 2021), Sprint 73 (Feb 2021), Sprint 74 (Mar 2021)
    • 0.125

      Steps to reproduce:

      1. You need an old installation with IDs from distributed monitoring or any configid != 1

      Result:
      CEncryptHelper::updateKey() has "dbConditionInt('configid', [1])" as condition. So the update query to the DB doesn't do anything and session_key will never be set. Resulting in a failing cookie signature validation.
      All users will be downgraded to the guest user.
      Expected:

      "dynamic" configid condition, so session_key will be set if it's empty.

            rlataria Roberts Lataria (Inactive)
            thetuxkeeper Daniel PoƟmann
            Team D
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: