Werk #16716: Mitigate timing-unsafe comparisons to prevent byte-by-byte brute forcing attack

Component: Agent bakery
Title: Mitigate timing-unsafe comparisons to prevent byte-by-byte brute forcing attack
Date: Jun 25, 2024
Level: Trivial Change
Class: Security Fix
Compatibility: Compatible - no manual interaction needed
Checkmk versions & editions:
2.4.0b1 (not yet released): Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)
2.3.0p8: Checkmk Enterprise (CEE), Checkmk Cloud (CCE), Checkmk MSP (CME)

A theoretical brute force attack could be performed due to timing-unsafe comparison of secrets. This fix changes the way secrets are verified in communication with the agent.

To aid automated scanning we assign a CVSS score of 0.0 (None) (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N).
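The timing-unsafe pattern this Werk refers to, next to a constant-time check, as an added example that is not Checkmk's code. The function names and the sample secret are hypothetical; the first function counts the bytes it examines to make the leak visible without measuring time.

```python
import hashlib
import hmac
from typing import Tuple


def early_exit_compare(expected: bytes, presented: bytes) -> Tuple[bool, int]:
    """Timing-unsafe pattern, instrumented: returns (match, bytes examined).

    The loop stops at the first mismatch, so the work done (and therefore
    the response time) grows with the length of the correct prefix.
    """
    if len(expected) != len(presented):
        return False, 0
    examined = 0
    for a, b in zip(expected, presented):
        examined += 1
        if a != b:
            return False, examined
    return True, examined


def verify_secret(expected: str, presented: str) -> bool:
    """Timing-safe check.

    Both values are hashed first so compare_digest always sees two 32-byte
    inputs (no length leak), and so non-ASCII strings, which compare_digest
    rejects when passed as str, are handled.
    """
    expected_digest = hashlib.sha256(expected.encode("utf-8")).digest()
    presented_digest = hashlib.sha256(presented.encode("utf-8")).digest()
    return hmac.compare_digest(expected_digest, presented_digest)


# Constructed sample value, not taken from any real deployment.
SAMPLE_SECRET = "constructed-sample-secret"

if __name__ == "__main__":
    secret = SAMPLE_SECRET.encode("utf-8")
    # Same length, one wrong byte: at the start versus at the end.
    for guess in (b"Xonstructed-sample-secret", b"constructed-sample-secreX"):
        print(guess, early_exit_compare(secret, guess))
    print(verify_secret(SAMPLE_SECRET, SAMPLE_SECRET))
```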
