[ZBX-7243] Configuration file can be changed with editable cookies after setup Created: 2013 Oct 30  Updated: 2022 Sep 09  Resolved: 2022 Sep 06

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Frontend (F)
Affects Version/s: 2.1.9
Fix Version/s: None

Type: Incident report Priority: Trivial
Reporter: Ivo Kurzemnieks Assignee: Unassigned
Resolution: Unsupported version Votes: 0
Labels: cookie, installation, setup
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Attachments: PNG File hacked_dashboard.png     PNG File setup_cookie.png    

 Description   

Start Setup and go all the way to last step where configuration file is generated and saved in folder. There is a cookie ZBX_CONFIG. If you don't press "Finish", cookie is not deleted. So don't press "Finish".
Open dashboard. Dashboard refreshes page every 30 seconds. Delete configuration file and edit ZBX_CONFIG cookie manually. Change, for example, database name. Cookie is easy to read, because it's just serialized array.
After 30 seconds, due to existing cookie, configuration file will be created again with new data and in dashboard there in every widget there will be setup. See attached images.



 Comments   
Comment by Ivo Kurzemnieks [ 2022 Sep 06 ]

Cookies are no longer used in setup.
Closing the issue.

Generated at Fri Mar 29 12:18:00 EET 2024 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.