Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-5842

exploit to check for an existence of the user with specified username

    XMLWordPrintable

Details

    • Team B
    • Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020), Sprint 70 (Nov 2020)
    • 0.75

    Description

      Hi,

      I've just found minor security vulnerability:

      When you try to login to zabbix with incorrect password several time you'll soon get 'Account is blocked for XX seconds' message.
      However when you try this with non-existant account you receive no such kind of message.

      Thus you can check if the account with specified mail exists in the system.

      Attachments

        Issue Links

          is duplicated by

          Incident report - Incident report ZBX-16532 Zabbix before 4.2 allows User Enumeration

          • Minor - Minor loss of function, or other problem where easy workaround is present.
          • Closed
          mentioned in

          Page Loading...

          Activity

            People

              Miks.Kronkalns Miks Kronkalns
              erthad Timur Batyrshin
              Votes:
              6 Vote for this issue
              Watchers:
              12 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: