Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
Username/Password for zabbix credentials available for everyone who can see dashboard
See original GitHub issue- [ x] Bug report
For bug report please include this information:
- What Grafana version are you using? 4.2.0
- What Zabbix version are you using? 2.4
- What zabbix plugin version are you using? 3.3.0
- What OS are you running grafana on? Debian 4.6-6 (2016-07-26)
- What did you do?
When I open any zabbix dashboard I see ajax requests with zabbix user & password inside:
https://host/api/datasources/proxy/23
{jsonrpc: "2.0", method: "user.login", params: {user: "XXX", password: "XXXXXXXXX"}, id: 1} - What was the expected result? User & password allready stored in datasource. There is no reason show it to any user viewing dashboard.
- What happened instead? Every user can see zabbix user/password if has access to view dashboard
Issue Analytics
- State:
- Created 6 years ago
- Reactions:4
- Comments:10 (6 by maintainers)
Top Results From Across the Web
1 Login and configuring user
Enter the user name Admin with password zabbix to log in as a Zabbix superuser. Access to Configuration and Administration menus will be...
Read more >New user cannot log in - Forum
All the old accounts (including mine) have no issue logging in, but any new account created has the same login problem. Please, can...
Read more >login and password - ZABBIX Forums
I can't login to the admin account for the first time. I tried blank, and the zabbiz user password, etc. Mysql shows that...
Read more >What is the password from Zabbix using the docker ...
Hey Everyone, I just installed Zabbix using Docker. But I can't find the username and password on the documentation page ...
Read more >1 Login and configuring user
This is the Zabbix "Welcome" screen. Enter the user name Admin with password zabbix to log in as a Zabbix superuser. When logged...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
@eertul I can suggest a temporary solution for this. My idea is to use small and simple proxy running on grafana or zabbix server which will handle API requests. Proxy should parse request params and if method is
user.login, it should replace username and password by values stored in its config. Datasource in grafana can use any fake credentials. Since user authorized, proxy will store auth token and add it into every request. Please, let me know if you are interested in this. I can write and share this proxy. In the future, it should be included in the backend part of plugin.hello @alexanderzobnin, any news about this issue?
This is dangerous! this client reported the error to us, but I don’t know how many times this happened and was not reported (with our clients, and with other users). 😕