Monitoring software checkmk: Security vulnerability enables 2FA bypass

A vulnerability in the monitoring software checkmk allows attackers to bypass two-factor authentication.


(Image: Bild erstellt mit KI in Bing Designer durch heise online / dmk)


Attackers can abuse a vulnerability in the IT monitoring software checkmk to bypass two-factor authentication. The manufacturer has provided updated software that closes the security gap.

checkmk has published a post in which the developers describe the available bug fixes. The REST API did not thoroughly check whether users were fully authenticated when multifactor authentication was configured for them. The company has now published a CVE entry for this, CVE-2024-8606, with a CVSS score of 9.2, which corresponds to a "critical" rating; checkmk itself only labels the issue "high" in its report, deviating from the severity ranges defined in the CVSS specification. According to the description, attackers must already be authenticated, presumably with username and password, and can then skip the second factor.
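To make the class of bug concrete, here is an added example that models it in a few lines. It is not checkmk's code and does not show how the checkmk REST API is implemented; the `User` and `Session` types, the field names and the sample sessions are all assumptions. The weak check treats a session as logged in as soon as the password step succeeded; the hardened check additionally requires the second factor whenever the user has one enrolled.

```python
"""Illustration of the bug class described above: an API that treats a
session as fully authenticated after the password step, even though the
user has a second factor enrolled that was never completed. This is an
added example with made-up names and sessions, not checkmk's code."""
from dataclasses import dataclass


@dataclass
class User:
    name: str
    two_factor_enrolled: bool  # user has TOTP/WebAuthn configured (assumed field)


@dataclass
class Session:
    user: User
    password_ok: bool = False
    two_factor_ok: bool = False  # only set once the second factor succeeded


class NotAuthenticated(Exception):
    pass


def is_authenticated_vulnerable(session: Session) -> bool:
    """Weak check: consults the password step only. A user with 2FA enrolled
    who stopped after the password prompt is treated as logged in."""
    return session.password_ok


def is_authenticated_fixed(session: Session) -> bool:
    """Hardened check: a session is only complete when every factor the user
    has enrolled has been presented. Users without 2FA are unaffected."""
    if not session.password_ok:
        return False
    if session.user.two_factor_enrolled and not session.two_factor_ok:
        return False
    return True


def rest_api_endpoint(session: Session, check) -> str:
    """Stand-in for an API handler guarded by one of the checks above."""
    if not check(session):
        raise NotAuthenticated("login incomplete: second factor required")
    return f"host list for {session.user.name}"


def demo() -> dict:
    """Runs both checks against constructed sessions and returns which ones
    get through. The interesting row is the 2FA user who only typed a password."""
    alice = User("alice", two_factor_enrolled=True)   # constructed sample user
    bob = User("bob", two_factor_enrolled=False)      # constructed sample user
    sessions = {
        "alice_password_only": Session(alice, password_ok=True),
        "alice_complete": Session(alice, password_ok=True, two_factor_ok=True),
        "bob_password_only": Session(bob, password_ok=True),
        "alice_no_login": Session(alice),
    }
    results = {}
    for label, sess in sessions.items():
        row = {}
        for name, check in (("vulnerable", is_authenticated_vulnerable),
                            ("fixed", is_authenticated_fixed)):
            try:
                rest_api_endpoint(sess, check)
                row[name] = "allowed"
            except NotAuthenticated:
                row[name] = "denied"
        results[label] = row
    return results


if __name__ == "__main__":
    for label, row in demo().items():
        print(f"{label:22} vulnerable={row['vulnerable']:8} fixed={row['fixed']}")
```

The point of the `fixed` variant is that "authenticated" is decided per user from the factors that user has enrolled, not from whether any one login step passed; an API path that reuses the password-only check reopens exactly the gap the article describes.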

The affected versions are checkmk 2.2.0 and 2.3.0. The developers have fixed the bug in Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE) and Checkmk MSP (CME) in versions 2.2.0p34, 2.3.0p16 and 2.4.0b1.
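For admins who need to check several sites, here is an added helper (not a checkmk tool) that decides whether a version string already carries one of the fixed releases named above. It assumes checkmk's usual version format, major.minor.micro optionally followed by an i, b or p suffix with a number and an edition tag such as .cee, and the usual ordering innovation < beta < final < patch within a branch; the sample inputs are constructed. It accepts either a bare version or a whole line as printed by `omd version`, using the last word of the line.

```python
"""Checks whether an installed checkmk version string already carries the
fix named in the article (2.2.0p34, 2.3.0p16, 2.4.0b1). Added example, not a
checkmk tool. Assumes checkmk's usual version format major.minor.micro,
optionally followed by i/b/p and a number and an edition suffix such as
.cee, e.g. the last word printed by `omd version`."""
import re
from typing import Optional, Tuple

# Fixed releases per branch, taken from the article: (kind, number).
FIXED = {
    (2, 2, 0): ("p", 34),
    (2, 3, 0): ("p", 16),
    (2, 4, 0): ("b", 1),
}

# Assumed release order within a branch: innovation < beta < final < patch.
KIND_RANK = {"i": 0, "b": 1, "": 2, "p": 3}

_VERSION_RE = re.compile(
    r"^(\d+)\.(\d+)\.(\d+)(?:([ibp])(\d+))?(?:\.([a-z]+))?$"
)


def parse_version(text: str) -> Tuple[Tuple[int, int, int], str, int, str]:
    """Returns (branch, kind, number, edition). Accepts a bare version or a
    whole `omd version` line; only the last whitespace-separated word is used."""
    token = text.strip().split()[-1]
    m = _VERSION_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised checkmk version: {token!r}")
    major, minor, micro, kind, num, edition = m.groups()
    return (int(major), int(minor), int(micro)), kind or "", int(num or 0), edition or ""


def is_fixed(text: str) -> Optional[bool]:
    """True if the version is at or above the fixed release of its branch,
    False if below, None if the branch is not covered by the article."""
    branch, kind, num, _ = parse_version(text)
    if branch not in FIXED:
        return None
    fixed_kind, fixed_num = FIXED[branch]
    return (KIND_RANK[kind], num) >= (KIND_RANK[fixed_kind], fixed_num)


if __name__ == "__main__":
    # Constructed sample inputs, including one full `omd version`-style line.
    samples = (
        "2.3.0p15.cee",
        "2.3.0p16.cee",
        "2.2.0",
        "2.2.0p34.cre",
        "2.4.0b1",
        "OMD - Open Monitoring Distribution Version 2.1.0p40.cee",
    )
    for sample in samples:
        print(f"{sample:60} fixed={is_fixed(sample)}")
```

A plain final release such as 2.2.0 ranks below every 2.2.0pN patch and is therefore reported as not fixed; branches the article does not mention, such as 2.1.0, come back as None rather than as a false "safe", so the script does not claim more than the report does.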

According to the report, the updates have been available since September 9; the vulnerability report with the CVE entry, however, has only now been published. IT managers should install the update immediately, as the vulnerability is rated critical. checkmk writes that the vulnerability was found during internal code reviews and not as a result of external or public information.

At the end of May, checkmk also closed security gaps in the network monitoring software with updates. Attackers had been able to read and write local files on checkmk servers without authorization.

(dmk)


This article was originally published in German. It was translated with technical assistance and editorially reviewed before publication.