Uploaded image for project: 'ZABBIX BUGS AND ISSUES'
  1. ZABBIX BUGS AND ISSUES
  2. ZBX-9358

Zabbix API session ID generation produces non-unique IDs

XMLWordPrintable

    • Sprint 4
    • 0.5

      We have observed problems with session IDs being non-unique if a user has several sessions during the same second. If two sessions get the same ID, a disconnect on one of those sessions will also unexpectedly disconnect another session.

      We have traced the non-unique ID problem to this line in the CUser.php file of the Zabbix API:

      $sessionid = md5(time().$password.$name.rand(0, 10000000));

      time() is second-based, and rand with the same seed has been known to return the same value repeatedly. This appears to be the root of the problem. Since we create a significant number of sections, duplicate IDs and resulting problems are a frequent occurrence.

            Unassigned Unassigned
            ai Alina Ivchenko
            Team A
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: