← back
CVE-2013-4962

CVE-2013-4962

EPSS 1.2%
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://puppetlabs.com/security/cve/cve-2013-4962/