Zabbix Authentication Bypass

Sooraj V Nair
Published on
16 Jun 2021

Zabbix is an open-source monitoring software tool that can be used to monitor a variety of IT components such as networks, servers, virtual machines, and cloud services.In zabbix.php?action=dashboard.view&dashboardid=1, an error was discovered through version 4.4 of Zabbix. An attacker can access the dashboard page without login credentials, and then can create a dashboard, report, screen, or map anonymously. Other users and an admin have access to all created elements (Dashboard/Report/Screen/Map).

Mitigation / Precaution

  • We suggest you update Zabbix to a version greater than 4.4 in order to fix this vulnerability.
Automated human-like penetration testing for your web apps & APIs
Teams using Beagle Security are set up in minutes, embrace release-based CI/CD security testing and save up to 65% with timely remediation of vulnerabilities. Sign up for a free account to see what it can do for you.

Written by
Sooraj V Nair
Sooraj V Nair
Cyber Security Engineer
Find website security issues in a flash
Improve your website's security posture with proactive vulnerability detection.
Free website security assessment