back to website

Werk #13720: Stop returning password hashes over API

Component REST API
Title Stop returning password hashes over API
Date Feb 14, 2022
Level Trivial Change
Class Security Fix
Compatibility Incompatible - Manual interaction might be required
Checkmk versions & editions
2.1.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Previous to this Werk the REST API returned the password hashes when getting a user object. If the user was a automation user the password was returned in clear-text.

This data should not be returned ever. If you forgot a password you have to reset it.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our hybrid Monitoring Community event from May 20-22 in Munich and learn more about the latest Checkmk features and our roadmap at the Checkmk Conference #11

Register now