Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7598

LDAP bind password in HTML source code

    XMLWordPrintable

Details

    • Incident report
    • Status: Closed
    • Trivial
    • Resolution: Duplicate
    • 2.2.1
    • None
    • Server (S)
    • None

    Description

      I am unsure if this is intended but once you login as Admin and navigate to the Authentication tab, viewing the source page allows you to see the password of the user binded to LDAP server.

      Attachments

        Issue Links

          duplicates

          Defect (Security) - Discovered security vulnerabilities in Zabbix ZBX-6721 HTML code of "authentication.php" contains a ldap_bind_password in clear text if LDAP auth is enabled

          • Major - Major loss of function.
          • Closed

          Activity

            People

              Unassigned Unassigned
              dolevfarhi Dolev Farhi
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: