[ZBX-6972] New users should not get a valid default password Created: 2013 Sep 09 Updated: 2020 Jul 16 |
|
Status: | Open |
Project: | ZABBIX BUGS AND ISSUES |
Component/s: | Frontend (F) |
Affects Version/s: | 2.0.8 |
Fix Version/s: | None |
Type: | Defect (Security) | Priority: | Trivial |
Reporter: | Marc | Assignee: | Unassigned |
Resolution: | Unresolved | Votes: | 1 |
Labels: | password, security, unsquashable, user | ||
Remaining Estimate: | Not Specified | ||
Time Spent: | Not Specified | ||
Original Estimate: | Not Specified |
Description |
New users get a default password ''zabbix'. Maybe one can request on user creation a password if user groups with 'internal' frontend access are selected, or even better set initially a value that will never be a valid hash. |
Comments |
Comment by Pavels Jelisejevs (Inactive) [ 2014 Mar 28 ] |
I think we should make password an optional parameter and set it to an empty hash if it's omitted. That way, users with empty password will never be able to login. |
Comment by Pavels Jelisejevs (Inactive) [ 2014 Apr 02 ] |
Related issue - |