Zabbix is a very popular open-source monitoring platform used to collect, centralize and track metrics like CPU load and network traffic across entire infrastructures. It is very similar to solutions like Pandora FMS and Nagios. Because of its popularity, features and its privileged position in most companies’ networks, Zabbix is a high-profile target for threat actors. A public vulnerability broker, a company specialized in the acquisition of security bugs, also publicly announced their interest in this software.

We discovered a high-severity vulnerability in Zabbix’s implementation of client-side sessions that could lead to the compromise of complete networks. In this article, we give an introduction to the different kinds of session storage and discuss what makes an implementation safe. Then, we describe the technical details of the vulnerability that we discovered in Zabbix, its impact and how it can be prevented. Let’s dive into it!

Client-Side Session Storage 101

Sessions are all about storing state across several HTTP requests, which are stateless by design.