Nagios Support Forum

Support for Nagios products and services
https://support.nagios.com/forum/

Nagios Login page

https://support.nagios.com/forum/viewtopic.php?t=11150

Page 1 of 1

Nagios Login page

Posted: Fri Jul 12, 2013 1:35 pm
by sujitt
the forgot password feature on the nagios login page is very insecurely implemented. It gives way for anybody be able to reset the password of any user without verification.
Can we make this more secure or some way to protect admin passwords from being reset ?

Re: Nagios Login page

Posted: Fri Jul 12, 2013 1:53 pm
by abrist
Not necessarily insecure, but it definitely allows for vagrants to be rather annoying. I will open an internal bug fix for this. The email should probably give you a link to reset the password instead of the "Forgot Password" link resetting the password itself. Thanks for the heads up.

Re: Nagios Login page

Posted: Mon Nov 17, 2014 5:16 pm
by cmerchant
This fix was rolled into the source trunk and should be in the most recent version of Nagios XI.
All times are UTC-05:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited