Details

    • Team C
    • Sprint 94 (Nov 2022), Sprint 95 (Dec 2022), Sprint 96 (Jan 2023), Sprint 97 (Feb 2023)
    • 4

    Description

      CSRF tokens should be generated in a way that is not guessable by an attacker, so that an attacker who wants to send a request must first obtain the CSRF token to include in the request. Zabbix UI uses part of a session id as the CSRF token, and the token is never changed between requests (not until the session is changed).
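
The weakness described above, next to one possible hardened design, as an added example that is not Zabbix code and not the project's fix. The function names, the slice of the session id used by `weak_token`, and the nonce-plus-HMAC scheme are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def weak_token(session_id: str) -> str:
    # Pattern from the issue: the token is a slice of the session id and stays
    # fixed for the whole session. The exact slice is an assumption.
    return session_id[-16:]


def token_leaks_from_session_id(session_id: str, token: str) -> bool:
    # Audit check: anyone who learns the session id can compute such a token.
    return bool(token) and token in session_id


def new_session() -> dict:
    # The CSRF secret is random and independent of the session id.
    return {"id": secrets.token_hex(16), "csrf_secret": secrets.token_bytes(32)}


def _mac(session: dict, action: str, nonce: str) -> str:
    msg = f"{session['id']}|{action}|{nonce}".encode()
    return hmac.new(session["csrf_secret"], msg, hashlib.sha256).hexdigest()


def issue_token(session: dict, action: str) -> str:
    # A fresh nonce makes every issued token different, even within one session.
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session, action, nonce)}"


def verify_token(session: dict, action: str, token: str) -> bool:
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False  # malformed, e.g. a bare session-id slice
    expected = _mac(session, action, nonce)
    # Constant-time comparison on bytes (client input may be non-ASCII).
    return hmac.compare_digest(mac.encode(), expected.encode())


if __name__ == "__main__":
    s = new_session()  # constructed sample session
    print("weak token derivable from session id:",
          token_leaks_from_session_id(s["id"], weak_token(s["id"])))
    t = issue_token(s, "user.update")
    print("hardened token derivable from session id:",
          token_leaks_from_session_id(s["id"], t))
    print("verifies for its action:", verify_token(s, "user.update", t))
```

`token_leaks_from_session_id` can also be used on its own as a regression check against captured cookie and form values.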

            People

              gcalenko Gregory Chalenko
              vjaceslavs Vjaceslavs Bogdanovs
              Votes: 0
              Watchers: 13
