Werk #6709: Fixed possible information disclosure to apache log when editing users

Component

Setup

Title

Fixed possible information disclosure to apache log when editing users

Date

Sep 21, 2018

Level

Trivial Change

Class

Security Fix

Compatibility

Compatible - no manual interaction needed

Checkmk versions & editions

1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1 Not yet released	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.6.0b1	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.5.0p5	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)
1.4.0p37	Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk MSP (CME)

An administrator has the ability to create new users. The credentials of a newly created user were visible within the HTML of the resulting web page as GET parameter of various hyperlinks. If one of these links was clicked, the credentials were stored in the administrator’s browser history and in the access logs of the server.

To the list of all Werks