Werk #17455: Baking agents with encrypted real time checks and an empty password will fail
| Component | Setup, site management | ||||
| Title | Baking agents with encrypted real time checks and an empty password will fail | ||||
| Date | May 15, 2025 | ||||
| Level | Trivial Change | ||||
| Class | Bug Fix | ||||
| Compatibility | Incompatible - Manual interaction might be required | ||||
| Checkmk versions & editions |
|
Prior to this fix it was possible to build an agent with encryption enabled in the UI but an empty password. This would cause the agent to send the data unencrypted, and the checkmk site to refuse the data as it expected an encryption. Now when real-time checks are enabled a password has to be set in the UI and the agent bakery will refuse to bake an agent if encryption is enabled and the secret is set. Now when real-time checks are enabled a password has to be set in the UI and the agent bakery will refuse to bake an agent if ecryption is enabled and the secret is set. During the update a default password is set.
We marked this change as incompatible, as you need to rebuild the agents and install them to get a working configuration.
This werk does not fix an exploitable vulnerability.
Vulnerability Management:
To aid automated scanning we assign a CVSS score of 0.0 None (CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:N/SI:N/SA:N).