Details
-
Type:
Defect (Security)
-
Status: Closed
-
Priority:
Major
-
Resolution: Fixed
-
Affects Version/s: 1.9.3 (alpha)
-
Fix Version/s: 2.0.0rc1
-
Component/s: Frontend (F)
-
Labels:
Description
i haven't figured out exact steps to reproduce this, but every now and then i can get password sent as http GET variable, which doesn't seem to be too secure.
an example url :
index.php?request=&name=Admin&password=zabbix&autologin=1&enter=Sign+in