Werk #13198: Stop showing automation secrets
| Component | Setup | ||
| Title | Stop showing automation secrets | ||
| Date | Jan 24, 2022 | ||
| Level | Trivial Change | ||
| Class | New Feature | ||
| Compatibility | Compatible - no manual interaction needed | ||
| Checkmk versions & editions |
|
Before this Werk, on the edit_user page the automation secret could be viewed. This could be abused by other vulnerabilities (e.g. XSS) to retrieve this secret to abuse it later.
When creating a new automation user / edit an automation secret you should write the secret down (e.g. in a password store).