2 matches found
CVE-2018-11746 Puppet Discovery can leak authentication information
In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery...
CVE-2018-11746
CVE-2018-11746 affects Puppet Discovery prior to 1.2.0. When running against Windows, WinRM connections can fall back to basic auth over insecure channels if a HTTPS server is unavailable, exposing login credentials used by Puppet Discovery. The issue is specific to that context; upgrading to ver...