Branch: refs/heads/master
Home:
https://github.com/tribe29/checkmk
Commit: 5eb06ca3f58eb9b987f47395cf90feb22c772d93
https://github.com/tribe29/checkmk/commit/5eb06ca3f58eb9b987f47395cf90feb22…
Author: Maximilian Wirtz <maximilian.wirtz(a)tribe29.com>
Date: 2022-01-25 (Tue, 25 Jan 2022)
Changed paths:
A .werks/13198
M cmk/gui/wato/pages/users.py
Log Message:
-----------
13198 Stop showing automation secrets
Before this Werk, on the edit_user page the automation secret could be viewed.
This could be abused by other vulnerabilities (e.g. XSS) to retrieve this
secret to abuse it later.
When creating a new automation user / edit an automation secret you should
write the secret down (e.g. in a password store).
Change-Id: I727394d94669078e9021b3fd700f399a74af523c