An improper authentication flaw was found in SaltStack salt before version 3003.3. The Salt minion installer accepts and uses a minion config file at C:\salt\conf if that file is in place before the installer is run. This flaw allows a malicious actor to subvert the proper behavior of the given minion software.