2 matches found
CVE-2013-4962
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors...
CVE-2013-4962
The CVE-2013-4962 entry concerns Puppet Enterprise prior to 3.0.1 where the reset password page does not require the current password. This can let an attacker modify user passwords by exploiting session hijacking, an unattended workstation, or other vectors. The description consistently states t...