Werk #13722: Don't return passwords
Component | REST API |
Title | Don't return passwords |
Date | Feb 15, 2022 |
Checkmk Edition | Checkmk Raw (CRE) |
Checkmk Version | 2.0.0p21 2.1.0b1 |
Level | Trivial Change |
Class | Security Fix |
Compatibility | Incompatible - Manual interaction might be required |
Before this werk it was possible to retrieve stored passwords in cleartext over the REST API. They are not shown in the GUI and should not be revealed to a user.
A Checkmk admin can still retrieve the password with access to the filesystem though.