XMLWordPrintable

Details

    • Team B
    • Sprint 94 (Nov 2022), Sprint 95 (Dec 2022)

    Description

      CSRF tokens should be generated in a way that is not guessable by the attacker, so if an attacker wants to send a request he should first get the CSRF token to include it in the request. Zabbix UI uses part of a session id as a CSRF token and is never changed between requests (not until the session is changed).

      Attachments

        Issue Links

          Activity

            People

              epulke Elina Pulke
              vjaceslavs Vjaceslavs Bogdanovs
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated: