Advisory

Checkmk monitoring tool reports critical flaw enabling 2FA bypass

Take action: If you are running Checkmk with multi-factor authentication enabled, update it ASAP. Although the attacker needs a valid password, that's not too difficult to get these days with all the data leaks and people recycling passwords.


Learn More

A critical vulnerability has been identified in the checkmk IT monitoring software, allowing attackers to bypass two-factor authentication (2FA).

Checkmk is an IT monitoring software designed for monitoring the health and performance of a wide range of infrastructure components such as servers, networks, databases, cloud services, and applications.

The flaw is tracked as CVE-2024-8606 and carries a CVSS score of 9.2. The developers at Checkmk have labeled it as "high" severity in their own advisory, even though a score of 9.2 falls in the "critical" band of the CVSS scale.

The issue lies in the REST API, which did not properly enforce multi-factor authentication (MFA) for users. An attacker who already holds a user's first factor (presumably a valid username and password) can use the REST API to act as that user without ever completing the second factor.

The vulnerability impacts the following checkmk versions:

  • checkmk 2.2.0
  • checkmk 2.3.0

The issue has been addressed in the following patched versions:

  • checkmk 2.2.0p34
  • checkmk 2.3.0p16
  • checkmk 2.4.0b1

These updates apply to Checkmk Raw (CRE), Checkmk Enterprise (CEE), Checkmk Cloud (CCE), and Checkmk MSP (CME) versions.
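To turn the affected and patched version lists above into an inventory check, here is an added helper (not Checkmk's code) that parses Checkmk-style version strings such as `2.2.0p34` or `2.4.0b1` and reports whether a given install is still exposed. The version-string format and the sample inventory are assumptions for this example; the patch levels are the ones stated in the advisory.

```python
import re

# Patch level at which each affected release line received the fix (from the advisory).
FIXED_PATCH_LEVEL = {"2.2.0": 34, "2.3.0": 16}

# Assumed Checkmk version format: <major>.<minor>.<patch>[p<n> | b<n>]
_VERSION_RE = re.compile(r"^(\d+\.\d+\.\d+)(?:([pb])(\d+))?$")


def parse_version(version: str):
    """Split '2.3.0p16' into ('2.3.0', 'p', 16); a bare '2.3.0' gives ('2.3.0', None, 0)."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unrecognised Checkmk version string: {version!r}")
    base, kind, num = m.groups()
    return base, kind, int(num) if num else 0


def is_vulnerable(version: str):
    """True if affected by CVE-2024-8606, False if patched,
    None if the advisory does not cover this release line."""
    base, kind, num = parse_version(version)
    if base in FIXED_PATCH_LEVEL:
        # Only 'p' releases at or above the stated level carry the fix; the base
        # release and every lower patch level are affected.
        return not (kind == "p" and num >= FIXED_PATCH_LEVEL[base])
    if base == "2.4.0":
        # 2.4.0b1 is the first listed fixed build of that line.
        return None if (kind == "b" and num < 1) else False
    return None


def triage(inventory: dict) -> dict:
    """Group hosts by status so the ones needing an update are easy to pick out."""
    result = {"update": [], "patched": [], "unknown": []}
    for host, version in inventory.items():
        status = is_vulnerable(version)
        bucket = "unknown" if status is None else ("update" if status else "patched")
        result[bucket].append(host)
    return result


# Constructed sample inventory.
SAMPLE_INVENTORY = {
    "mon-01": "2.2.0p33",
    "mon-02": "2.2.0p34",
    "mon-03": "2.3.0",
    "mon-04": "2.3.0p16",
    "mon-05": "2.4.0b1",
    "mon-06": "2.1.0p40",
}

if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```

Hosts in the `unknown` bucket are on release lines the advisory does not mention; they should be checked against the vendor's own support matrix rather than assumed safe.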

The vendor released the patched versions on September 9, 2024, and IT managers are urged to apply them to mitigate the risk posed by this vulnerability. The flaw was discovered during internal code review and was not the result of an external report or public disclosure.