ZoneMinder Forums

ZoneMinder Forums
https://forums.zoneminder.com/

Security issue

https://forums.zoneminder.com/viewtopic.php?t=22775

Page 1 of 1

Security issue

Posted: Wed Dec 10, 2014 6:29 pm
by peloy
Accessing http://www.example.com/zm/index.php?view=console displays the console and the corresponding list of monitors without any sort of authentication, at least for my installation (1.28.0). I consider this a security issue.

Accessing http://www.example.com/zm/index.php presents me with the expected login dialog, and I can't proceed unless I enter valid login credentials.

I am running with:

OPT_USE_AUTH = true

AUTH_TYPE = builtin

Anyone else sees this?

Cheers,

Eloy Paris.-

Re: Security issue

Posted: Wed Dec 24, 2014 3:50 pm
by peloy
Am I the only one having this issue or who thinks that this is a security problem?

Re: Security issue

Posted: Wed Dec 24, 2014 9:29 pm
by c128
Now I try it, I see the same thing :oops: .

I guess it's a bit of a security issue, yeah - I can't interact with the console as presented when doing this, but it does show what you're monitoring, the number of events etc.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited