When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://puppet.com/security/cve/cve-2018-11749 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: puppet
Published: 2018-08-24T13:00:00Z
Updated: 2024-09-16T22:44:55.842Z
Reserved: 2018-06-05T00:00:00
Link: CVE-2018-11749
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-08-24T13:29:00.277
Modified: 2024-11-21T03:43:57.470
Link: CVE-2018-11749
Redhat
No data.