If Grafana is unable to connect to the datasource and has public mode enabled, zabbix credentials are viewable in plain text #450
Comments
|
That's how Zabbix api works, unfortunately. See #380 for details. Good solution is moving auth-related queries to backend, but I can't do it until we implement backend plugins in Grafana. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm submitting a ...
If you don't send bug report, remove sections below
For bug report please include this information:
Software Versions
What did you do?
If Grafana is available in public mode (auth.anonymous) and Zabbix is unable to be reached, there will be an error message (red flag in top left corner of panels that use Zabbix. If you click on this panel, and go to the request tab, it is possible to see the output of the request to the zabbix API, which contains cleartext usernames and passwords for the zabbix instance.
What was the expected result?
Cleartext usernames and passwords should not be visible, even during a fault.
What happened instead?
Cleartext usernames and passwords, as well as API URIs are available in cleartext during an error.
The text was updated successfully, but these errors were encountered: