[checkmk-commits] [tribe29/checkmk] b1fb22: 13722 SEC Don't return passwords

Branch: refs/heads/master Home: https://github.com/tribe29/checkmk Commit: b1fb224332fef230c5c0f8a11bd28bb0fec3c628 https://github.com/tribe29/checkmk/commit/b1fb224332fef230c5c0f8a11bd28bb0f… Author: Maximilian Wirtz &lt;maximilian.wirtz(a)tribe29.com&gt; Date: 2022-02-18 (Fri, 18 Feb 2022) Changed paths: A .werks/13722 M cmk/gui/plugins/openapi/endpoints/password.py M tests/unit/cmk/gui/plugins/openapi/test_openapi_password.py Log Message: ----------- 13722 SEC Don't return passwords Before this werk it was possible to retrieve stored passwords in cleartext over the <i>REST API</i>. They are not shown in the GUI and should not be revealed to a user. A Checkmk admin can still retrieve the password with access to the filesystem though. CMK-9638 Change-Id: If7e4b4e2c2c9bd636cb30f14cb0a1bda2d7179b9