Posted August 15, 2013
Assessed Risk Level: Low
When a user clicked the logout link, the Puppet Enterprise generated and set a new puppet_enterprise_console cookie value. However, it did not invalidate the old session. This made it possible for an attacker to potentially hijack a user's session using a stolen session ID value, even after the user had already logged out of the application.
An attacker could use this hijacked session to impersonate a user and gain access to the user's account information. In the case at hand, an attacker could use a compromised session ID even after the user had already clicked on the logout button.
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1