Unauthenticated public access to the Checkmk agent port exposes sensitive data.
Description
Checkmk is a widely used system and network monitoring solution in enterprise environments and has been deployed across various products at VNG.
During security monitoring, the Blue Team discovered that some VNG products running the Checkmk agent have the default port 6556 publicly exposed to the Internet without authentication. Anyone connecting to this port (e.g., via telnet) can retrieve sensitive server information such as configuration details, network interfaces, running processes, etc., posing a significant security risk to the product infrastructure.
The Blue Team recommends that System Administrators review the Checkmk agent configuration on their respective products if it is in use. Mitigation measures should be implemented, such as access control lists (ACLs) restricting access to the monitoring server’s IP address only, and enabling authentication.
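The following is an added example, not part of the advisory, showing how a monitoring team can audit its own hosts for the exposure described above: connect to port 6556 from an address that is not the monitoring server and check whether the agent answers with plaintext `<<<check_mk>>>` output. The sample reply, the `SENSITIVE_SECTIONS` mapping and the function names are assumptions made for this example.

```python
import re
import socket

CHECKMK_AGENT_PORT = 6556  # default agent port named in the advisory
# Agent output is framed by <<<name>>> or <<<name:sep(NN)>>> section headers.
SECTION_RE = re.compile(rb"^<<<([A-Za-z0-9_]+)(?::[^>]*)?>>>$", re.MULTILINE)
# Assumed mapping from common Linux agent sections to the data classes the advisory lists.
SENSITIVE_SECTIONS = {"check_mk": "agent/OS configuration details",
                      "lnx_if": "network interfaces", "ps": "running processes"}
# Constructed sample of an unauthenticated agent reply (not a real capture).
SAMPLE_OUTPUT = b"""<<<check_mk>>>
Version: 2.1.0p1
AgentOS: linux
<<<lnx_if:sep(58)>>>
[start_iplink]
<<<ps>>>
(root,12345,6789,00:00:01) /usr/sbin/sshd
"""

def parse_sections(data: bytes) -> list:
    """Section names in order of first appearance."""
    names = []
    for m in SECTION_RE.finditer(data):
        name = m.group(1).decode()
        if name not in names:
            names.append(name)
    return names

def exposure_report(data: bytes) -> dict:
    """Is the reply agent output, and which of the advisory's data classes does it carry?"""
    sections = parse_sections(data)
    # A plaintext agent reply opens with the <<<check_mk>>> section.
    return {"agent_output": data.lstrip().startswith(b"<<<check_mk>>>"), "sections": sections,
            "sensitive": [SENSITIVE_SECTIONS[s] for s in sections if s in SENSITIVE_SECTIONS]}

def probe_agent_port(host: str, port: int = CHECKMK_AGENT_PORT, timeout: float = 3.0) -> dict:
    """Connect from a non-monitoring address, read what the agent volunteers, classify it."""
    chunks = []
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:  # timeout applies to recv too
            while sum(map(len, chunks)) < 65536:
                try:
                    chunk = s.recv(4096)
                except socket.timeout:
                    break  # agent went quiet; classify what arrived so far
                if not chunk:
                    break
                chunks.append(chunk)
    except OSError as exc:
        return {"reachable": False, "error": str(exc)}
    return {"reachable": True, **exposure_report(b"".join(chunks))}
```

On agents run under xinetd, the `only_from` directive in the agent's xinetd service file is where the recommended source-IP ACL goes; any host that still answers this probe from a non-monitoring address needs that ACL, a firewall rule, or the authentication the advisory recommends.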
References