Check_MK Werk 6549: Crash reports: Filter out password/_password from HTTP vars of GUI crashes

Lars Michelsen lm at mathias-kettner.de
Wed Sep 5 10:30:37 CEST 2018


ID:          6549
Title:       Crash reports: Filter out password/_password from HTTP vars of GUI crashes
Component:   Multisite
Level:       1
Class:       Bug fix
Version:     1.6.0i1

When a crash occurs during the login procedure where a user entered his password during
verification of this password, the crash could contain this password in plain text in
the HTTP variable data structure. The vars named password/_password are now explicitly
filtered to prevent this.



More information about the checkmk-werks-lvl1 mailing list