Werk #13722: Don't return passwords
Komponente | REST API |
Titel | Don't return passwords |
Datum | 15.02.2022 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk-Version | 2.0.0p21 2.1.0b1 |
Level | Kleine Änderung |
Klasse | Sicherheitsfix |
Kompatibilität | Inkompatibel - Manuelle Interaktion könnte erforderlich sein |
Before this werk it was possible to retrieve stored passwords in cleartext over the REST API. They are not shown in the GUI and should not be revealed to a user.
A Checkmk admin can still retrieve the password with access to the filesystem though.