Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-24500

Zabbix agent PSK key change with minimal write privileges can bring down proxy connection

XMLWordPrintable

    • S24-W22/23, S24-W24/25, S24-W26/27, S24-W28/29, S24-W30/31, S24-W32/33, S24-W34/35, S24-W36/37, S24-W38/39
    • 1

      When we have a proxy and a Zabbix agent using PSK encryption, we can bring down the Zabbix proxy connection from the Data Collection | Hosts configuration page simply by editing the PSK key. In all fairness this does require us to know the proxy PSK identity, but in all fairness a lot of customers use the name of the proxy as the PSK identity.

      Steps to reproduce:

      1. Create encrypted proxy (identity: prox_psk) [PSK key: 123456]
      2. Create encrypted Zabbix agent (identity: prox_psk) [PSK key: 123456]
      3. Both proxy and agent will be connected correctly and sending data
      4. Change Zabbix agent PSK key in the Zabbix frontend (identity: prox_psk) [PSK key: 456789]
      5. Proxy connection goes down

        1. image-2024-08-16-14-30-32-960.png
          image-2024-08-16-14-30-32-960.png
          19 kB
        2. screenshot-1.png
          screenshot-1.png
          93 kB

            vmaksimovs Vladimirs Maksimovs
            bkruszewski Bartosz Kruszewski
            Team C
            Votes:
            0 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - Not Specified
                Not Specified
                Logged:
                Time Spent - 101.25h
                101.25h