Zabbix Authentication Bypass

By
Sooraj V Nair
Published on
16 Jun 2021
Vulnerability

Zabbix is an open-source monitoring software tool that can be used to monitor a variety of IT components such as networks, servers, virtual machines, and cloud services.In zabbix.php?action=dashboard.view&dashboardid=1, an error was discovered through version 4.4 of Zabbix. An attacker can access the dashboard page without login credentials, and then can create a dashboard, report, screen, or map anonymously. Other users and an admin have access to all created elements (Dashboard/Report/Screen/Map).

Mitigation / Precaution

  • We suggest you update Zabbix to a version greater than 4.4 in order to fix this vulnerability.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days