CVE-2013-1364

The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter...

Zabbix < 1.8.16 / 2.0.5 / 2.1.0 user.login cnf Parameter Authentication Bypass

According to its self-reported version number, the instance of Zabbix listening on the remote host is a version greater than 1.8.1 prior to 1.8.16, or version 2.0.x prior to 2.0.5. It, therefore, could be affected by an authentication bypass flaw in the 'user.login' method. The issue is triggered...