QwikSec

Security Database

CVE

CWE

Training

CVE-2019-15132

Published: Aug 17, 2019

Modified: Aug 5, 2024

PUBLISHED

Description

Zabbix through 4.4.0alpha1 allows User Enumeration. With login requests, it is possible to enumerate application usernames based on the variability of server responses (e.g., the "Login name or password is incorrect" and "No permissions for system access" messages, or just blocking for a number of seconds). This affects both api_jsonrpc.php and index.php.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.zabbix.com/browse/ZBX-16532

[debian-lts-announce] 20210421 [SECURITY] [DLA 2631-1] zabbix security update

mailing-list

[debian-lts-announce] 20230412 [SECURITY] [DLA 3390-1] zabbix security update

mailing-list

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.