Expired sessions were not securely terminated in the RestAPI for Tribe29s Checkmk <= 2.1.0p10 and Checkmk <= 2.0.0p28 allowing an attacker to use expired session tokens when communicating with the RestAPI.
Weakness
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Checkmk | Checkmk | 2.1.0 (including) | 2.1.0 (including) |
| Checkmk | Checkmk | 2.1.0-b1 (including) | 2.1.0-b1 (including) |
| Checkmk | Checkmk | 2.1.0-b2 (including) | 2.1.0-b2 (including) |
| Checkmk | Checkmk | 2.1.0-b3 (including) | 2.1.0-b3 (including) |
| Checkmk | Checkmk | 2.1.0-b4 (including) | 2.1.0-b4 (including) |
| Checkmk | Checkmk | 2.1.0-b5 (including) | 2.1.0-b5 (including) |
| Checkmk | Checkmk | 2.1.0-b6 (including) | 2.1.0-b6 (including) |
| Checkmk | Checkmk | 2.1.0-b7 (including) | 2.1.0-b7 (including) |
| Checkmk | Checkmk | 2.1.0-b8 (including) | 2.1.0-b8 (including) |
| Checkmk | Checkmk | 2.1.0-b9 (including) | 2.1.0-b9 (including) |
| Checkmk | Checkmk | 2.1.0-p1 (including) | 2.1.0-p1 (including) |
| Checkmk | Checkmk | 2.1.0-p10 (including) | 2.1.0-p10 (including) |
| Checkmk | Checkmk | 2.1.0-p2 (including) | 2.1.0-p2 (including) |
| Checkmk | Checkmk | 2.1.0-p3 (including) | 2.1.0-p3 (including) |
| Checkmk | Checkmk | 2.1.0-p4 (including) | 2.1.0-p4 (including) |
| Checkmk | Checkmk | 2.1.0-p5 (including) | 2.1.0-p5 (including) |
| Checkmk | Checkmk | 2.1.0-p6 (including) | 2.1.0-p6 (including) |
| Checkmk | Checkmk | 2.1.0-p7 (including) | 2.1.0-p7 (including) |
| Checkmk | Checkmk | 2.1.0-p8 (including) | 2.1.0-p8 (including) |
| Checkmk | Checkmk | 2.1.0-p9 (including) | 2.1.0-p9 (including) |
| Check-mk | Ubuntu | bionic | * |
| Check-mk | Ubuntu | trusty | * |
| Check-mk | Ubuntu | xenial | * |