CVE-2013-4965 — Improper Authentication in Enterprise

CWE-287 — Improper Authentication4 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Puppet Enterprise
Timeline
PublishedOct 25
Latest updateMay 14

Description

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDpuppet/puppet_enterprise3.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-8p9x-4g9j-2649: Puppet Enterprise before 3↗2022-05-14
â–¶
CVEList
CVE-2013-4965: Puppet Enterprise before 3↗2013-10-25
â–¶

📋Vendor Advisories

1
Debian
CVE-2013-4965: puppet - Puppet Enterprise before 3.1.0 does not properly restrict the number of authenti...↗2013
â–¶
CVE-2013-4965 — Improper Authentication in Enterprise | cvebase