Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7598

LDAP bind password in HTML source code

    XMLWordPrintable

    Details

    • Type: Incident report
    • Status: Closed
    • Priority: Trivial
    • Resolution: Duplicate
    • Affects Version/s: 2.2.1
    • Fix Version/s: None
    • Component/s: Server (S)
    • Labels:
      None

      Description

      I am unsure if this is intended but once you login as Admin and navigate to the Authentication tab, viewing the source page allows you to see the password of the user binded to LDAP server.

        Attachments

          Issue Links

          duplicates

          Defect (Security) - Discovered security vulnerabilities in Zabbix ZBX-6721 HTML code of "authentication.php" contains a ldap_bind_password in clear text if LDAP auth is enabled

          • Major - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              Unassigned Unassigned
              Reporter:
              dolevfarhi Dolev Farhi
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: