Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9358

Zabbix API session ID generation produces non-unique IDs

    Details

    • Team:
      Team A
    • Sprint:
      Sprint 4
    • Story Points:
      0.5

      Description

      We have observed problems with session IDs being non-unique if a user has several sessions during the same second. If two sessions get the same ID, a disconnect on one of those sessions will also unexpectedly disconnect another session.

      We have traced the non-unique ID problem to this line in the CUser.php file of the Zabbix API:

      $sessionid = md5(time().$password.$name.rand(0, 10000000));

      time() is second-based, and rand with the same seed has been known to return the same value repeatedly. This appears to be the root of the problem. Since we create a significant number of sections, duplicate IDs and resulting problems are a frequent occurrence.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                ai Alina Ivchenko
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: