Explore the latest product updates and best practices at our hybrid Checkmk Conference #12 from June 16-18, 2026 – Register here
back to website

Werk #13720: Stop returning password hashes over API

Component REST API
Title Stop returning password hashes over API
Date Feb 14, 2022
Level Trivial Change
Class Security Fix
Compatibility Incompatible - Manual interaction might be required
Checkmk versions & editions
2.1.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Previous to this Werk the REST API returned the password hashes when getting a user object. If the user was a automation user the password was returned in clear-text.

This data should not be returned ever. If you forgot a password you have to reset it.

To the list of all Werks