Werk #13198: Stop showing automation secrets

Component Setup
Title Stop showing automation secrets
Date Jan 24, 2022
Level Trivial Change
Class New Feature
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.1.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Before this Werk, on the edit_user page the automation secret could be viewed. This could be abused by other vulnerabilities (e.g. XSS) to retrieve this secret to abuse it later.

When creating a new automation user / edit an automation secret you should write the secret down (e.g. in a password store).

To the list of all Werks