[checkmk-commits] Check_MK Git: check_mk: #2384 SEC Prevent user passwords from being visible in webserver log on user creation

Module: check_mk Branch: master Commit: a328b1099f8cca6ef7c33e98fabb061b1d2cfb2b URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=a328b1099f8cca… Author: Lars Michelsen <lm(a)mathias-kettner.de> Date: Tue Jun 30 09:32:02 2015 +0200 #2384 SEC Prevent user passwords from being visible in webserver log on user creation When a user is created using WATO, the set values of the form fields were logged directly into the webserver access log, because the form of this page used the GET request method. Users which have access to the log files would be able to see the initial passwords. If you use an older version of Check_MK it is a good idea to set the "Change password at next login or access" to force the user to change his password on first login. We changed this form to perform a POST request now to prevent these information being written to the logs. --- .werks/2384 | 18 ++++++++++++++++++ ChangeLog | 1 + web/htdocs/wato.py | 4 ++-- 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/.werks/2384 b/.werks/2384 new file mode 100644 index 0000000..4ca6dbe --- /dev/null +++ b/.werks/2384 @@ -0,0 +1,18 @@ +Title: Prevent user passwords from being visible in webserver log on user creation +Level: 1 +Component: wato +Class: security +Compatible: compat +State: unknown +Version: 1.2.7i3 +Date: 1435649205 + +When a user is created using WATO, the set values of the form fields were logged +directly into the webserver access log, because the form of this page used the +GET request method. Users which have access to the log files would be able to +see the initial passwords. If you use an older version of Check_MK it is a good +idea to set the "Change password at next login or access" to force the user +to change his password on first login. + +We changed this form to perform a POST request now to prevent these information +being written to the logs. diff --git a/ChangeLog b/ChangeLog index 62e420b..60ecfc5 100644 --- a/ChangeLog +++ b/ChangeLog @@ -31,6 +31,7 @@ WATO: * 2365 Removed old deprecated notification global options for plain emails... + * 2384 SEC: Prevent user passwords from being visible in webserver log on user creation... * 2344 FIX: Improved validation of selected rules when editing BI aggregations... * 2346 FIX: Notifications: Fixed garbled page when switching on/off bulks/backlog/user rules diff --git a/web/htdocs/wato.py b/web/htdocs/wato.py index ac18fe1..37e08ee 100644 --- a/web/htdocs/wato.py +++ b/web/htdocs/wato.py @@ -11924,7 +11924,7 @@ def mode_users(phase): clone_url = make_link([("mode", "edit_user"), ("clone", id)]) html.icon_button(clone_url, _("Create a copy of this user"), "clone") - delete_url = html.makeactionuri([("_delete", id)]) + delete_url = make_action_link([("mode", "users"), ("_delete", id)]) html.icon_button(delete_url, _("Delete"), "delete") notifications_url = make_link([("mode", "user_notifications"), ("user", id)]) @@ -12251,7 +12251,7 @@ def mode_edit_user(phase): # Let exceptions from loading notification scripts happen now load_notification_scripts() - html.begin_form("user") + html.begin_form("user", method="POST") forms.header(_("Identity")) # ID