the forgot password feature on the nagios login page is very insecurely implemented. It gives way for anybody be able to reset the password of any user without verification.
Can we make this more secure or some way to protect admin passwords from being reset ?
Nagios Login page
Re: Nagios Login page
Not necessarily insecure, but it definitely allows for vagrants to be rather annoying. I will open an internal bug fix for this. The email should probably give you a link to reset the password instead of the "Forgot Password" link resetting the password itself. Thanks for the heads up.
Former Nagios employee
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
"It is turtles. All. The. Way. Down. . . .and maybe an elephant or two."
VI VI VI - The editor of the Beast!
Come to the Dark Side.
Re: Nagios Login page
This fix was rolled into the source trunk and should be in the most recent version of Nagios XI.