CVE-2014-1682
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request...
CVE-2013-1364
The user.login function in Zabbix before 1.8.16 and 2.x before 2.0.5rc1 allows remote attackers to override LDAP configuration via the cnf parameter...
CVE-2013-1364
Summary: CVE-2013-1364 affects Zabbix prior to 1.8.16 and 2.x prior to 2.0.5rc1, where the user.login function can be abused to override LDAP configuration via the cnf parameter, enabling a remote attacker to modify LDAP settings. Root cause: insecure handling of the cnf parameter in user.login l...
Zabbix < 1.8.16 / 2.0.5 / 2.1.0 user.login cnf Parameter Authentication Bypass
According to its self-reported version number, the instance of Zabbix listening on the remote host is a version greater than 1.8.1 prior to 1.8.16, or version 2.0.x prior to 2.0.5. It, therefore, could be affected by an authentication bypass flaw in the 'user.login' method. The issue is triggered...