Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-3735

password can be sent in http GET

XMLWordPrintable

    • Icon: Defect (Security) Defect (Security)
    • Resolution: Fixed
    • Icon: Major Major
    • 2.0.0rc1
    • 1.9.3 (alpha)
    • Frontend (F)

      i haven't figured out exact steps to reproduce this, but every now and then i can get password sent as http GET variable, which doesn't seem to be too secure.

      an example url :

      index.php?request=&name=Admin&password=zabbix&autologin=1&enter=Sign+in

        1. general.login.php.patch
          0.5 kB

            Unassigned Unassigned
            richlv richlv
            Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: