[ZBX-6972] New users should not get a valid default password Created: 2013 Sep 09  Updated: 2020 Jul 16

Status: Open
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 2.0.8
Fix Version/s: None

Type: Defect (Security) Priority: Trivial
Reporter: Marc Assignee: Unassigned
Resolution: Unresolved Votes: 1
Labels: password, security, unsquashable, user
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified


 Description   

New users get a default password 'zabbix'.
Even if this is mainly an issue for users with internal frontend access, this shouldn't happen at all.

Maybe one can request a password on user creation if user groups with 'internal' frontend access are selected or, even better, initially set a value that will never be a valid hash.



 Comments   
Comment by Pavels Jelisejevs (Inactive) [ 2014 Mar 28 ]

I think we should make password an optional parameter and set it to an empty hash if it's omitted. That way, users with an empty password will never be able to log in.

Comment by Pavels Jelisejevs (Inactive) [ 2014 Apr 02 ]

Related issue - ZBX-8021.
