  1. ZABBIX BUGS AND ISSUES
  2. ZBX-3906

Users attempt_failed counter doesn't reset after successful login through API


    • Defect (Security)
    • Resolution: Duplicate
    • Minor
    • None
    • 1.8.4
    • API (A)
    • Debian lenny

      To reproduce the bug, follow these steps using API operations:

      • Try to log in with a wrong password five times (or ZBX_LOGIN_ATTEMPTS times if it's different)
      • Now try to log in with a correct password. You will receive an error: 'Account is blocked for X seconds'. This is the expected behaviour.
      • After those seconds, log in with the correct information.
      • At this point, the field attempt_failed in the table users for the row corresponding to that user should be reset to 0 (that's what happens when you log in through the PHP front-end), but it isn't.

      What's the effect of this? Once the counter has reached 5, that user can't log in, out and in again quickly. Maybe it's not a big deal, but a programmer expects the same behaviour from the API as from the PHP front-end.

            Unassigned
            jaragunde Jacobo Aragunde Pérez
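A minimal model of the reproduction steps in the report, added here as an example (it is not Zabbix code and not from the reporter): `login()` with `reset_on_success=False` stands in for the API path described above, and `True` for the PHP front-end behaviour. The table layout, the `attempt_clock` column, `BLOCK_SECONDS`, the function names and the credentials are constructed assumptions.

```python
import hashlib, hmac, sqlite3

ZBX_LOGIN_ATTEMPTS = 5   # threshold named in the report
BLOCK_SECONDS = 30       # assumed value; the report only says "X seconds"
SALT = b"constructed-salt"

class AccountBlocked(Exception):
    pass

def _hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

def make_db():
    # Constructed users table; attempt_clock is an assumed column name.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (alias TEXT PRIMARY KEY, passwd BLOB,"
               " attempt_failed INTEGER DEFAULT 0, attempt_clock INTEGER DEFAULT 0)")
    db.execute("INSERT INTO users (alias, passwd) VALUES (?, ?)",
               ("apiuser", _hash("correct-horse")))
    return db

def login(db, alias, password, now, reset_on_success):
    stored, failed, clock = db.execute(
        "SELECT passwd, attempt_failed, attempt_clock FROM users WHERE alias = ?",
        (alias,)).fetchone()
    if failed >= ZBX_LOGIN_ATTEMPTS and now - clock < BLOCK_SECONDS:
        raise AccountBlocked(f"Account is blocked for {BLOCK_SECONDS - (now - clock)} seconds")
    if not hmac.compare_digest(stored, _hash(password)):
        db.execute("UPDATE users SET attempt_failed = attempt_failed + 1,"
                   " attempt_clock = ? WHERE alias = ?", (now, alias))
        return False
    if reset_on_success:  # the step the report says the API path skips
        db.execute("UPDATE users SET attempt_failed = 0 WHERE alias = ?", (alias,))
    return True

def counter(db, alias):
    return db.execute("SELECT attempt_failed FROM users WHERE alias = ?",
                      (alias,)).fetchone()[0]

def reproduce(reset_on_success):
    """Replay the report's steps; return attempt_failed after the final good login."""
    db, now = make_db(), 1000
    for _ in range(ZBX_LOGIN_ATTEMPTS):          # step 1: wrong password N times
        login(db, "apiuser", "wrong", now, reset_on_success)
    try:                                         # step 2: correct password while blocked
        login(db, "apiuser", "correct-horse", now + 1, reset_on_success)
        raise AssertionError("expected the account to be blocked")
    except AccountBlocked:
        pass
    # step 3: correct password once the block window has passed
    assert login(db, "apiuser", "correct-horse", now + BLOCK_SECONDS, reset_on_success)
    return counter(db, "apiuser")                # step 4: inspect attempt_failed
```

`reproduce(False)` leaves the counter at `ZBX_LOGIN_ATTEMPTS`, matching the reported state, while `reproduce(True)` returns it to 0; the same check works as a regression test for any login path that shares the lockout counter.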