Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7703

Security flaw with API access when using HTTP authentication

    XMLWordPrintable

    Details

      Description

      When Zabbix is configured with HTTP authentication, the API uses permissions of the user passed to the user.login call. Therefore, as long as you can authenticate to the Zabbix server, you could impersonate any user via the API by passing another username to the user.login request.

      CVE-2014-1682

        Attachments

          Activity

            People

            Assignee:
            Unassigned Unassigned
            Reporter:
            vshupak Vitaly Shupak
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: