Vigil@nce - Puppet Labs Puppet: creation of passwordless account
November 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can trigger the creation of a passwordless account for
Puppet Labs Puppet, in order to increase its access rights.
Impacted products: Puppet.
Severity: 2/4.
Creation date: 23/09/2015.
DESCRIPTION OF THE VULNERABILITY
The Puppet Labs Puppet product manages user accounts.
These accounts may be defined in a MySQL database. However, The
username is not rightly validated and the interpretation of the
account name may include an host name or address. In such a case,
after access rights initialization, the net result is a
passwordless user account.
An attacker can therefore trigger the creation of a passwordless
account for Puppet Labs Puppet, in order to increase its access
rights.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Puppet-Labs-Puppet-creation-of-passwordless-account-17961