CVE-2018-11749 - RBAC User Authentication Request Done Over Plaintext

CVSS 3 Base Score:
8.5

Posted On:
August 23, 2018

Assessed Risk Level:
High

When users are configured to use startTLS with Role-Based Access Control (RBAC) Lightweight Directory Access Protocol (LDAP), at login time, the user's credentials are sent via plaintext to the LDAP server. This vulnerability was found by an internal audit at Puppet.

Status:

Affected software versions:

Puppet Enterprise prior to 2018.1.4
Puppet Enterprise prior to 2017.3.10
Puppet Enterprise prior to 2016.4.15

Resolved in:

Puppet Enterprise 2018.1.4
Puppet Enterprise 2017.3.10
Puppet Enterprise 2016.4.15

← Back to CVE Listings

Achieving Zero Trust Security with Puppet Enterprise

Achieving Zero Trust Security with Puppet Enterprise

CVE-2018-11749 - RBAC User Authentication Request Done Over Plaintext

CVSS 3 Base Score:
8.5

Posted On:
August 23, 2018

Assessed Risk Level:
High

Status:

Get Started

Puppet Enterprise

Puppet Enterprise Extensions

CVE-2018-11749 - RBAC User Authentication Request Done Over Plaintext

CVSS 3 Base Score: 8.5

Posted On: August 23, 2018

Assessed Risk Level: High

Status:

CVSS 3 Base Score:
8.5

Posted On:
August 23, 2018

Assessed Risk Level:
High