zbx_sessionid cookie is not set as secure under https


      The Zabbix frontend is vulnerable to session hijacking because, when running under https, the zbx_sessionid cookie is not set as "secure".

      The solution is simple: replace line 70 in /include/func.inc.php with the following:

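      // Set the Secure flag only for HTTPS requests; HTTPS may be unset, and IIS reports "off" for plain HTTP.
      setcookie($name, $value, isset($time) ? $time : 0, '/', $_SERVER['SERVER_NAME'], !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off');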

Assignee: Ivo Kurzemnieks
Reporter: Robert Starsi
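To confirm the fix described in this report, the check below inspects the Set-Cookie headers of a response served over https and lists any zbx_sessionid cookie sent without the Secure attribute. It is an added example, not part of the original report or of Zabbix; the function names, the host zabbix.example.test and the sample header values are constructed for illustration.

```python
"""Check captured Set-Cookie headers for a session cookie missing Secure."""


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, {attr_lower: attr_value})."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def insecure_session_cookies(scheme, raw_headers, cookie_name="zbx_sessionid"):
    """Return Set-Cookie values for cookie_name that lack Secure on an HTTPS response.

    raw_headers is a list of (header_name, header_value) pairs; a response
    may carry several Set-Cookie headers, so each one is checked.
    """
    if scheme.lower() != "https":
        return []  # Secure is only expected on responses served over HTTPS
    findings = []
    for header_name, header_value in raw_headers:
        if header_name.lower() != "set-cookie":
            continue
        name, _value, attrs = parse_set_cookie(header_value)
        # Match on the attribute list, not a substring, so a value or another
        # cookie name containing "secure" does not hide the problem.
        if name == cookie_name and "secure" not in attrs:
            findings.append(header_value)
    return findings


# Constructed sample responses (not captured from a real Zabbix install).
BEFORE_FIX = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("Set-Cookie", "zbx_sessionid=0123456789abcdef; path=/; domain=zabbix.example.test"),
]
AFTER_FIX = [
    ("Content-Type", "text/html; charset=UTF-8"),
    ("set-cookie", "zbx_sessionid=0123456789abcdef; path=/; domain=zabbix.example.test; SECURE"),
    ("Set-Cookie", "securetheme=dark; path=/"),
]

if __name__ == "__main__":
    for label, headers in (("before", BEFORE_FIX), ("after", AFTER_FIX)):
        print(label, insecure_session_cookies("https", headers))
```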