back to website

Werk #14382: Don't leak LDAP server address when connection fails

Component Setup
Title Don't leak LDAP server address when connection fails
Date Aug 23, 2022
Level Trivial Change
Class Security Fix
Compatibility Compatible - no manual interaction needed
Checkmk versions & editions
2.2.0b1 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.1.0p11 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
2.0.0p28 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0p30 Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

Prior to this Werk, trying to authenticate to an LDAP server that is unavailable would result in an error saying that the server could be contacted. This leaks the address of the LDAP server. In addition, it was possible to check if a user is a htpasswd user, since the LDAP connection is not attempted for these users and LDAP error is not shown.

Now a generic "invalid login" message is shown to avoid this information disclosure.

To the list of all Werks

The Checkmk logo (formerly known as Check_MK) is a trademark of Checkmk GmbH. ©2025 Checkmk GmbH. All rights reserved.

Join our hybrid Monitoring Community event from May 20-22 in Munich and learn more about the latest Checkmk features and our roadmap at the Checkmk Conference #11

Register now