Checkmk Sensitive Information Logging Vulnerability in LDAP Integration

Vulnerability

Checkmk versions prior to 2.3.0p27, prior to 2.2.0p40, and 2.1.0p51 (EOL) log LDAP credentials to the Apache error log when the 'LDAP' log level is set to 'Debug' and an LDAP integration is active. The logged information, including usernames and passwords, is accessible to administrators.

Impact

Exploitation of this vulnerability leads to the unintentional exposure of LDAP credentials, including usernames and passwords, in the Apache error log file.

Remediation

Users can update to Checkmk versions 2.3.0p27, 2.2.0p40, or 2.5.0b1. If unable to update, the 'LDAP' log level can be changed to any value other than 'Debug' to prevent password logging.
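Lowering the log level stops new credentials from being written, but any error log produced while the level was at 'Debug' may already contain them. The script below is an added example, not Checkmk code: it scans Apache error-log lines for LDAP entries that carry a password value, reports the bind DN or user name on the same line, and writes a redacted copy that can be shared with a reviewer. The sample lines, the LDAP: line prefix and the password/bind patterns are constructed assumptions, since the page does not show the real debug output; adjust them to the format actually found in the log.

```python
import re
import sys
from typing import Dict, List, Optional

# Constructed sample lines in Apache error-log style. They are NOT real
# Checkmk output (the advisory does not show the exact debug format); they
# only stand in for what an LDAP integration at log level "Debug" may write.
SAMPLE_LOG = """\
[Mon Jun 09 19:46:01.123456 2025] [wsgi:error] [pid 1234] LDAP: connecting to ldap://ldap.example.internal:389
[Mon Jun 09 19:46:01.234567 2025] [wsgi:error] [pid 1234] LDAP: bind as cn=svc-checkmk,ou=service,dc=example,dc=com with password Hunter2!
[Mon Jun 09 19:46:01.345678 2025] [wsgi:error] [pid 1234] LDAP: search base dc=example,dc=com filter (sAMAccountName=alice)
[Mon Jun 09 19:46:02.456789 2025] [wsgi:error] [pid 1234] LDAP: authenticating user alice, password=Sup3rSecret
[Mon Jun 09 19:46:02.567890 2025] [wsgi:error] [pid 1234] mod_wsgi: unrelated line without secrets
"""

# Only lines from the LDAP component are in scope (assumed prefix).
LDAP_LINE = re.compile(r"\bLDAP:")

# Shapes in which a password value can appear; group 1 is the value.
# Deliberately broad: in a leak review a missed line costs more than a
# false positive.
SECRET_PATTERNS = [
    re.compile(r"(?i)\bpassword\s*[=:]\s*(\S+)"),
    re.compile(r"(?i)\bwith\s+password\s+(\S+)"),
]

# Who the password belongs to: a bind DN or a user name on the same line.
PRINCIPAL_PATTERNS = [
    re.compile(r"(?i)\bbind\s+as\s+(\S+)"),
    re.compile(r"(?i)\buser\s+([^\s,]+)"),
]


def _first_group(patterns: List[re.Pattern], line: str) -> Optional[str]:
    """Return group 1 of the first pattern that matches, or None."""
    for pattern in patterns:
        match = pattern.search(line)
        if match:
            return match.group(1)
    return None


def find_leaked_credentials(log_text: str) -> List[Dict[str, object]]:
    """One finding per LDAP log line that carries a password value."""
    findings: List[Dict[str, object]] = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not LDAP_LINE.search(line):
            continue
        secret = _first_group(SECRET_PATTERNS, line)
        if secret is None:
            continue
        principal = _first_group(PRINCIPAL_PATTERNS, line)
        findings.append({"line": line_no, "principal": principal, "secret": secret})
    return findings


def _mask(match: re.Match) -> str:
    """Replace only the captured secret inside the matched text."""
    whole = match.group(0)
    start = match.start(1) - match.start(0)
    end = match.end(1) - match.start(0)
    return whole[:start] + "[REDACTED]" + whole[end:]


def redact(log_text: str) -> str:
    """Copy of the log with every detected password value masked; the rest
    of each line is kept so the log stays useful for review."""
    out = []
    for line in log_text.splitlines():
        for pattern in SECRET_PATTERNS:
            line = pattern.sub(_mask, line)
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: python leak_check.py /path/to/apache/error_log > redacted.log
    # Without an argument the constructed sample above is scanned.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_LOG
    for f in find_leaked_credentials(text):
        print(f"line {f['line']}: password for {f['principal']!r} exposed", file=sys.stderr)
    sys.stdout.write(redact(text))
```

Findings go to stderr and the redacted log to stdout, so the two are never mixed in the same file. Any credential the script reports has been written to disk in clear text and should be treated as exposed, whatever the file permissions on the error log were.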

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread          0.8
  impact          2.5
  exploitability  4.8
  remediation     8.3
  relevance       0.0
  threat          0.0
  urgency         2.9
  incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.