Security issue

Forum for questions and support relating to the 1.28.x releases only.
Locked
peloy
Posts: 5
Joined: Sat Jan 05, 2013 7:29 pm

Security issue

Post by peloy »

Accessing http://www.example.com/zm/index.php?view=console displays the console and the corresponding list of monitors without any sort of authentication, at least for my installation (1.28.0). I consider this a security issue.

Accessing http://www.example.com/zm/index.php presents me with the expected login dialog, and I can't proceed unless I enter valid login credentials.

I am running with:

OPT_USE_AUTH = true

AUTH_TYPE = builtin

Does anyone else see this?

Cheers,

Eloy Paris.-
peloy
Posts: 5
Joined: Sat Jan 05, 2013 7:29 pm

Re: Security issue

Post by peloy »

Am I the only one having this issue or who thinks that this is a security problem?
c128
Posts: 88
Joined: Sat Sep 14, 2013 3:36 pm

Re: Security issue

Post by c128 »

Now I try it, I see the same thing :oops:.

I guess it's a bit of a security issue, yeah - I can't interact with the console as presented when doing this, but it does show what you're monitoring, the number of events etc.