Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: b1fb224332fef230c5c0f8a11bd28bb0fec3c628
https://github.com/tribe29/checkmk/commit/b1fb224332fef230c5c0f8a11bd28bb0f…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-02-18 (Fri, 18 Feb 2022)
Changed paths:
A .werks/13722
M cmk/gui/plugins/openapi/endpoints/password.py
M tests/unit/cmk/gui/plugins/openapi/test_openapi_password.py
Log Message:
-----------
13722 SEC Don't return passwords
Before this werk it was possible to retrieve stored passwords in cleartext over
the <i>REST API</i>. They are not shown in the GUI and should not be revealed
to a user.
A Checkmk admin can still retrieve the password with access to the filesystem
though.
CMK-9638
Change-Id: If7e4b4e2c2c9bd636cb30f14cb0a1bda2d7179b9