Loading...

XML

Word

Printable

Type: Defect (Security)
Resolution: Fixed
Priority: Trivial
Fix Version/s: 4.0.27rc1, 5.0.6rc1, 5.2.2rc1, 5.4.0alpha1, 5.4 (plan)
Affects Version/s: 2.0.2, 4.0.22, 5.0.2
Component/s: API (A)
Labels:
- security

Sprint:
Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020), Sprint 69 (Oct 2020), Sprint 70 (Nov 2020)
Story Points:
0.75

Hi,

I've just found minor security vulnerability:

When you try to login to zabbix with incorrect password several time you'll soon get 'Account is blocked for XX seconds' message.
However when you try this with non-existant account you receive no such kind of message.

Thus you can check if the account with specified mail exists in the system.

is duplicated by

ZBX-16532 Zabbix before 4.2 allows User Enumeration

Closed

mentioned in: Page Loading...

Assignee:: Miks Kronkalns

Reporter:: Timur Batyrshin

Team:: Team B

Votes:: 6 Vote for this issue

Watchers:: 12 Start watching this issue

Created:: 2012 Nov 12 15:04

Updated:: 2024 Apr 10 17:12

Resolved:: 2020 Nov 22 21:43

Details

Description

Attachments

Issue Links

Activity

People

Dates