Lucene search
K

4 matches found

Tenable Nessus
Tenable Nessus
added 2019/10/09 12:0 a.m.25 views

Puppet Enterprise 2016.x < 2016.4.15 / 2017.x < 2017.3.10 / 2018.x < 2018.1.4 Plaintext Credential Vulnerability

A plaintext credential vulnerability exists when users are configured to use startTLS with Role-Based Access Control RBAC Lightweight Directory Access Protocol LDAP. An unauthenticated, remote attacker can exploit this to bypass authentication to see the users credentials in plaintext...

9.8CVSS8.5AI score0.00758EPSS
Exploits0References2
NVD
NVD
added 2018/08/24 1:29 p.m.18 views

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...

9.8CVSS9.3AI score0.00758EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2018/08/24 1:29 p.m.22 views

CVE-2018-11749

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS...

9.8CVSS7.2AI score0.00758EPSS
Exploits0References2
CVE
CVE
added 2018/08/24 1:0 p.m.53 views

CVE-2018-11749

CVE-2018-11749 affects Puppet Enterprise when startTLS with RBAC LDAP is configured; at login time, user credentials are sent in plaintext to the LDAP server. Affected PE versions: 2018.1.3, 2017.3.9, and 2016.4.14. Fixes are available in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. Seve...

9.8CVSS9.2AI score0.00758EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder