CVE-2018-11749Cleartext Transmission of Sensitive Info in Enterprise

CWE-319Cleartext Transmission of Sensitive Info4 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.1%
top 64.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Puppet Enterprise
Timeline
PublishedAug 24
Latest updateMay 13

Description

When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server. This affects Puppet Enterprise 2018.1.3, 2017.3.9, and 2016.4.14, and is fixed in Puppet Enterprise 2018.1.4, 2017.3.10, and 2016.4.15. It scored an 8.5 CVSS score.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDpuppet/puppet_enterprise2017.3.02017.3.9+2
CVEListV5puppet/puppet_enterprise2016.4.14, 2017.3.9, 2018.1.3+2

🔴Vulnerability Details

2
GHSA
GHSA-qh8x-vwrj-w4f2: When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server2022-05-13
CVEList
CVE-2018-11749: When users are configured to use startTLS with RBAC LDAP, at login time, the user's credentials are sent via plaintext to the LDAP server2018-08-24

📋Vendor Advisories

1
Debian
CVE-2018-11749: puppet - When users are configured to use startTLS with RBAC LDAP, at login time, the use...2018
CVE-2018-11749 — Puppet Enterprise vulnerability | cvebase