CVE-2013-4965

Puppet Enterprise <3.1.0 - Auth Bypass

Title source: llm

Description

Puppet Enterprise before 3.1.0 does not properly restrict the number of authentication attempts by a console account, which makes it easier for remote attackers to bypass intended access restrictions via a brute-force attack.

References (2)

[Vendor Advisory] http://puppetlabs.com/security/cve/cve-2013-4965

[Third Party Advisory, VDB Entry] http://osvdb.org/98640

Scores

EPSS 0.0072

EPSS Percentile 72.2%

Classification

CWE

CWE-287

Status draft

Affected Products (2)

puppet/puppet_enterprise < 3.0.1

puppet/puppet_enterprise

Timeline

Published Oct 25, 2013

Tracked Since Feb 18, 2026