Werk #17343: Fix handling of unsupported password hashes
Component | Setup
Title | Fix handling of unsupported password hashes
Date | Dec 19, 2024
Level | Trivial Change
Class | Bug Fix
Compatibility | Compatible - no manual interaction needed
Checkmk versions & editions |
While updating the configuration of a site, the password hashes of automation users are checked against their stored secrets.
If the hash format was unsupported, an exception was raised and not properly caught.
Such an unsupported hash format might come from the formerly recommended way to update the etc/htpasswd file, using the standard Apache htpasswd tool.
Since this tool uses old, insecure hashes, we advise against using it and recommend the cmk-passwd tool instead.
Also, when an automation user with such an old password hash logged in, an exception was raised and not properly caught.
This is also fixed now and the login fails.
We log a message to var/log/web.log with a hint that the password hash could be the problem.
We recommend updating the secret via the UI.
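
To find the users whose secrets need to be reset, the entries in etc/htpasswd can be classified by hash scheme. The following is an added example, not code from Checkmk or from this werk; the function names, the sample entries and the assumption that only bcrypt hashes count as current are illustrative.

```python
import re

# Scheme prefixes as written by common htpasswd/crypt tools.
PREFIXES = [
    ("$2y$", "bcrypt"), ("$2a$", "bcrypt"), ("$2b$", "bcrypt"),
    ("$apr1$", "apr1-md5"), ("$1$", "md5-crypt"),
    ("$5$", "sha256-crypt"), ("$6$", "sha512-crypt"),
    ("{SHA}", "sha1"),
]
DES_CRYPT = re.compile(r"^[./0-9A-Za-z]{13}$")  # traditional crypt(3): 13 chars

# Assumption: only bcrypt counts as current; adjust to what your version accepts.
ACCEPTED = {"bcrypt"}


def scheme(hash_field):
    """Name the hash scheme of one htpasswd hash field."""
    for prefix, name in PREFIXES:
        if hash_field.startswith(prefix):
            return name
    if DES_CRYPT.match(hash_field):
        return "des-crypt"
    return "unknown"


def audit(htpasswd_text):
    """Return [(user, scheme)] for entries whose hash scheme is not accepted."""
    findings = []
    for line in htpasswd_text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue  # skip blank or malformed lines
        user, hash_field = line.split(":", 1)
        name = scheme(hash_field)
        if name not in ACCEPTED:
            findings.append((user, name))
    return findings


# Constructed sample entries; the hash values are placeholders, not real hashes.
SAMPLE = """\
admin_user:$2y$12$CONSTRUCTEDplaceholderCONSTRUCTEDplaceholderCONSTRUCTEDpl
automation_user:$apr1$CONSTRUC$placeholderplaceholder
legacy_user:{SHA}CONSTRUCTEDplaceholder0000=
old_user:CONSTRUCTED00
"""

if __name__ == "__main__":
    for user, name in audit(SAMPLE):
        print(f"{user}: {name} hash, update the secret via the UI")
```
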