Vulnerabilities > CVE-2013-2716 - Cryptographic Issues vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows remote attackers to obtain console access via a crafted cookie.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
| NASL family | CGI abuses |
| NASL id | PUPPET_ENTERPRISE_CONSOLE_RCE.NASL |
| description | The version of Puppet Enterprise Console running on the remote host has an authentication bypass vulnerability. The secret value used to prevent cookie tampering is not random. This allows a remote, unauthenticated attacker to create a cookie that would be inappropriately authorized by the console, which could result in arbitrary code execution. This only affects Puppet Enterprise versions 2.5.0 through 2.7.2 that have been upgraded from versions 1.2.x or 2.0.x and have the console role enabled. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 66235 |
| published | 2013-04-26 |
| reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
| source | https://www.tenable.com/plugins/nessus/66235 |
| title | Puppet Enterprise Console Authentication Bypass (intrusive check) |