Vulnerability: Security Bypass Zabbix
Danger level: Average
Availability of fixes: Insturktsii to eliminate
Number of vulnerabilities: 1
CVE ID: CVE-2013-1364
Vector of operation: Local Network
Impact: Security Bypass
Affected products: Zabbix 2.x
Affected versions: Zabbix 2.0.4, perhaps the only one.
Vulnerability allows the removed user to bypass some restrictions of safety.
The vulnerability is due to the fact that the function ‘user.login ()’ does not handle parameter ‘cnf’ LDAP-authentication requests. A remote user can change certain authentication in LDAP.
Successful exploitation of this vulnerability requires that used LDAP-authentication.