[ZBX-3735] password can be sent in http GET - ZABBIX SUPPORT

XML

Word

Printable

Details

Type: Defect (Security)
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 1.9.3 (alpha)
Fix Version/s: 2.0.0rc1
Component/s: Frontend (F)
Labels:
- security

Description

i haven't figured out exact steps to reproduce this, but every now and then i can get password sent as http GET variable, which doesn't seem to be too secure.

an example url :

index.php?request=&name=Admin&password=zabbix&autologin=1&enter=Sign+in

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

general.login.php.patch
0.5 kB
2012 Feb 17 11:19

Activity

People

Assignee:: Unassigned

Reporter:: richlv

Votes:: 1 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 2011 Apr 18 09:20

Updated:: 2020 Jul 16 14:10

Resolved:: 2012 Feb 26 00:04