Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-3735

password can be sent in http GET

          Details

          • Type: Incident report
          • Status: Closed
          • Priority: Major
          • Resolution: Fixed
          • Affects Version/s: 1.9.3 (alpha)
          • Fix Version/s: 2.0.0rc1
          • Component/s: Frontend (F)
          • Labels:

            Description

            i haven't figured out exact steps to reproduce this, but every now and then i can get password sent as http GET variable, which doesn't seem to be too secure.

            an example url :

            index.php?request=&name=Admin&password=zabbix&autologin=1&enter=Sign+in

              Attachments

                Activity

                  People

                  • Assignee:
                    Unassigned
                    Reporter:
                    richlv richlv
                  • Votes:
                    1 Vote for this issue
                    Watchers:
                    1 Start watching this issue

                    Dates

                    • Created:
                      Updated:
                      Resolved: