Puppet 2.6.x before 2.6.12 and 2.7.x before 2.7.6, and Puppet Enterprise (PE) Users 1.0, 1.1, and 1.2 before 1.2.4, when signing an agent certificate, adds the Puppet master's certdnsnames values to the X.509 Subject Alternative Name field of the certificate, which allows remote attackers to spoof a Puppet master via a man-in-the-middle (MITM) attack against an agent that uses an alternate DNS name for the master, aka "AltNames Vulnerability."
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2011-10-27T20:00:00
Updated: 2024-08-06T23:53:31.429Z
Reserved: 2011-09-29T00:00:00
Link: CVE-2011-3872
Vulnrichment
No data.
NVD
Status : Modified
Published: 2011-10-27T20:55:01.760
Modified: 2024-11-21T01:31:27.150
Link: CVE-2011-3872
Redhat