An issue exists in Icinga 2.x up to and including 2.8.1. The lack of a constant-time password comparison function can disclose the password to an attacker.
Debian Bug report logs -
#883247
CVE-2017-16933: icinga2: root privilege escalation via prepare-dirs
Package:
icinga2;
Maintainer for icinga2 is Debian Nagios Maintainer Group <pkg-nagios-devel@listsaliothdebianorg>; Source for icinga2 is src:icinga2 (PTS, buildd, popcon)
Reported by: Henri Salo <henri@nervfi>
Da ...