lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote attackers to spoof an agent by acquiring a previously used IP address.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2012-08-06T16:00:00Z
Updated: 2024-08-06T20:05:12.457Z
Reserved: 2012-06-14T00:00:00Z
Link: CVE-2012-3408
Vulnrichment
No data.
NVD
Status : Modified
Published: 2012-08-06T16:55:05.133
Modified: 2024-11-21T01:40:48.643
Link: CVE-2012-3408
Redhat