In Puppet Discovery prior to 1.2.0, when running Discovery against Windows hosts, WinRM connections can fall back to using basic auth over insecure channels if a HTTPS server is not available. This can expose the login credentials being used by Puppet Discovery.
References
Configurations
History
07 Nov 2023, 02:51
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2018-07-03 13:29
Updated : 2024-02-28 16:25
NVD link : CVE-2018-11746
Mitre link : CVE-2018-11746
CVE.ORG link : CVE-2018-11746
JSON object : View
Products Affected
puppet
- discovery
CWE
CWE-522
Insufficiently Protected Credentials