Security Concern
Posted: Fri Nov 02, 2012 12:10 pm
We just noticed that this can happen. If an alert gets sent out via E-mail, it contains a "Respond" link at the bottom of the message which takes a person right to the service check that triggered the alert so that it can be acknowledged/disabled quickly. However, if a person happens to forward that E-mail notification on to someone else and they use the "Respond" link and then remove the end of the link (so you're back to just https://yourhost/nagiosxi/) then that second person is logged in as the person who originally received the E-mail alert. Is this a bug, or is there a way to disable adding the "respond" link to the E-mail notifications?
Thanks,
Tony