Werk #13722: Don't return passwords
| Component | REST API | ||||
| Title | Don't return passwords | ||||
| Date | Feb 15, 2022 | ||||
| Level | Trivial Change | ||||
| Class | Security Fix | ||||
| Compatibility | Incompatible - Manual interaction might be required | ||||
| Checkmk versions & editions |
|
Before this werk it was possible to retrieve stored passwords in cleartext over the REST API. They are not shown in the GUI and should not be revealed to a user.
A Checkmk admin can still retrieve the password with access to the filesystem though.