diff --git a/cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py b/cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py
index 8c0bc2c..4fa8968 100644
--- a/cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py
+++ b/cmdb-api/api/lib/cmdb/auto_discovery/auto_discovery.py
@@ -273,6 +273,12 @@ class AutoDiscoveryCITypeCRUD(DBMixin):
                         result.append(rule)
                         break
             elif not rule['agent_id'] and not rule['query_expr'] and rule['adr_id']:
+                try:
+                    if not int(oneagent_id, 16): # excludes master
+                        continue
+                except Exception:
+                    pass
+
                 adr = AutoDiscoveryRuleCRUD.get_by_id(rule['adr_id'])
                 if not adr:
                     continue
diff --git a/cmdb-api/api/views/cmdb/auto_discovery.py b/cmdb-api/api/views/cmdb/auto_discovery.py
index 8a79492..e856243 100644
--- a/cmdb-api/api/views/cmdb/auto_discovery.py
+++ b/cmdb-api/api/views/cmdb/auto_discovery.py
@@ -149,6 +149,11 @@ class AutoDiscoveryCITypeView(APIView):
                     i['extra_option'].pop('secret', None)
                 else:
                     i['extra_option']['secret'] = AESCrypto.decrypt(i['extra_option']['secret'])
+            if isinstance(i.get("extra_option"), dict) and i['extra_option'].get('password'):
+                if not (current_user.username == "cmdb_agent" or current_user.uid == i['uid']):
+                    i['extra_option'].pop('password', None)
+                else:
+                    i['extra_option']['password'] = AESCrypto.decrypt(i['extra_option']['password'])
 
         return self.jsonify(res)