Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7703

Security flaw with API access when using HTTP authentication

    XMLWordPrintable

Details

    Description

      When Zabbix is configured with HTTP authentication, the API uses permissions of the user passed to the user.login call. Therefore, as long as you can authenticate to the Zabbix server, you could impersonate any user via the API by passing another username to the user.login request.

      CVE-2014-1682

      Attachments

        Activity

          People

            Unassigned Unassigned
            vshupak Vitaly Shupak
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: