Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-5842

exploit to check for an existence of the user with specified username

    XMLWordPrintable

    Details

    • Team:
      Team B
    • Sprint:
      Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020), Sprint 70 (Nov 2020)
    • Story Points:
      0.75

      Description

      Hi,

      I've just found minor security vulnerability:

      When you try to login to zabbix with incorrect password several time you'll soon get 'Account is blocked for XX seconds' message.
      However when you try this with non-existant account you receive no such kind of message.

      Thus you can check if the account with specified mail exists in the system.

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              Miks.Kronkalns Miks Kronkalns
              Reporter:
              erthad Timur Batyrshin
              Votes:
              6 Vote for this issue
              Watchers:
              13 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: