  1. ZABBIX BUGS AND ISSUES
  2. ZBX-7703

Security flaw with API access when using HTTP authentication

    Details

      Description

      When Zabbix is configured with HTTP authentication, the API uses permissions of the user passed to the user.login call. Therefore, as long as you can authenticate to the Zabbix server, you could impersonate any user via the API by passing another username to the user.login request.

      CVE-2014-1682
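
A toy model of the behaviour described above, added here as an example; it is not Zabbix code or the project's fix. The function names, account names and roles are hypothetical. It contrasts a login handler that trusts the username in the request body with one that binds the session to the identity the web server authenticated.

```python
"""Toy model (not Zabbix code) of an API login behind HTTP authentication."""
import secrets

# Constructed sample accounts; names and roles are illustrative only.
USERS = {"alice": "user", "Admin": "super admin"}
SESSIONS = {}  # session token -> username


class LoginError(Exception):
    """Raised when a login request is rejected."""


def _open_session(username):
    if username not in USERS:
        raise LoginError("unknown user")
    token = secrets.token_hex(16)
    SESSIONS[token] = username
    return token


def login_flawed(http_user, params):
    """Flaw as reported: the web server authenticated http_user, but the
    session is opened for whatever name the request body carries."""
    if http_user is None:
        raise LoginError("HTTP authentication required")
    return _open_session(params["user"])


def login_bound(http_user, params):
    """Hardened form: the identity comes from the web server only; a name in
    the request body is accepted solely when it matches that identity."""
    if http_user is None:
        raise LoginError("HTTP authentication required")
    requested = params.get("user")
    if requested is not None and requested != http_user:
        raise LoginError("requested user does not match HTTP-authenticated user")
    return _open_session(http_user)


def role_of(token):
    """Return the role the session token actually carries."""
    return USERS[SESSIONS[token]]
```
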

            People

            • Assignee: Unassigned
            • Reporter: vshupak Vitaly Shupak