  1. ZABBIX BUGS AND ISSUES
  2. ZBX-6244

zbx_sessionid cookie is not set as secure under https

    Details

      Description

      The Zabbix frontend is vulnerable to session hijacking because, when running under HTTPS, the zbx_sessionid cookie is not set as "secure".

      The solution is simple: replace line 70 in /include/func.inc.php with the following:

      setcookie($name, $value, isset($time) ? $time : 0, '/', $_SERVER['SERVER_NAME'], (bool)$_SERVER["HTTPS"]);
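
An added example, not part of the original report or of Zabbix's code: one way to derive the Secure flag so that the unset key and the string "off" (which IIS with ISAPI reports on plain HTTP, and which a bare `(bool)` cast treats as true) both yield false. The function names, the constructed `$_SERVER` samples and the PHP 7.1+ syntax are assumptions of this sketch.

```php
<?php
// Added illustration; request_is_https() and session_cookie_args() are
// hypothetical helpers, not functions from the Zabbix frontend.

/**
 * Decide whether the request arrived over HTTPS.
 * $server is normally $_SERVER; it is a parameter so the logic runs offline.
 */
function request_is_https(array $server): bool
{
    // Plain HTTP: key unset or empty (Apache), or the string "off" (IIS/ISAPI).
    $https = isset($server['HTTPS']) ? strtolower((string) $server['HTTPS']) : '';
    return $https !== '' && $https !== 'off';
}

/**
 * Build the six setcookie() arguments used in the report's one-liner,
 * with the Secure flag taken from request_is_https().
 */
function session_cookie_args(string $name, string $value, ?int $time, array $server): array
{
    return [
        $name,
        $value,
        $time ?? 0,                    // 0 = cookie lasts for the browser session
        '/',
        $server['SERVER_NAME'] ?? '',  // same domain argument as in the report
        request_is_https($server),     // Secure: only send the cookie over HTTPS
    ];
}

// Constructed $_SERVER samples (not captured from a real host).
$samples = [
    'HTTPS, HTTPS=on'       => ['HTTPS' => 'on',  'SERVER_NAME' => 'zabbix.example.test'],
    'HTTP on IIS, HTTPS=off' => ['HTTPS' => 'off', 'SERVER_NAME' => 'zabbix.example.test'],
    'HTTP, HTTPS unset'     => ['SERVER_NAME' => 'zabbix.example.test'],
];

foreach ($samples as $label => $server) {
    $args = session_cookie_args('zbx_sessionid', 'constructed-session-id', null, $server);
    $cast = (bool) ($server['HTTPS'] ?? '');   // what a bare cast would produce
    printf("%-24s secure=%-5s bare cast=%s\n",
        $label, var_export($args[5], true), var_export($cast, true));
}

// In a web request the call would be:
//   setcookie(...session_cookie_args($name, $value, $time, $_SERVER));
```

Where the two columns differ, the bare cast would mark the cookie Secure on a plain-HTTP request, so the browser would never send it back and the session would not persist.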

            People

            • Assignee:
              iivs Ivo Kurzemnieks
              Reporter:
              klevo Robert Starsi
