Security Concern

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
Locked
kinnema
Posts: 28
Joined: Thu Aug 25, 2011 2:27 pm

Security Concern

Post by kinnema »

We just noticed that this can happen. If an alert gets sent out via E-mail, it contains a "Respond" link at the bottom of the message which takes a person right to the service check that triggered the alert so that it can be acknowledged/disabled quickly. However, if a person happens to forward that E-mail notification on to someone else and they use the "Respond" link and then remove the end of the link (so you're back to just https://yourhost/nagiosxi/) then that second person is logged in as the person who originally received the E-mail alert. Is this a bug, or is there a way to disable adding the "respond" link to the E-mail notifications?

Thanks,
Tony
scottwilkerson
DevOps Engineer
Posts: 19396
Joined: Tue Nov 15, 2011 3:11 pm
Location: Nagios Enterprises

Re: Security Concern

Post by scottwilkerson »

This is expected behavior.

If you do not want the response URL in the email messages, you can remove the following line from the Host/Service message, either on a per-user basis in the user's Notification Messages or globally in Admin -> Notification Management (in 2012):

Respond: %responseurl%
Former Nagios employee