CVE-2013-4964 (Session Cookies Not Set With Secure Flag)
Posted August 15, 2013
The “puppet_enterprise_console” cookie, which is used to control access to the application, was not marked with the “Secure” flag, so a browser could send it over a non-encrypted connection.
An attacker could potentially exploit this vulnerability by capturing a user’s session ID via a network sniffing attack. An attack like this could allow the attacker to hijack the user’s Puppet session and impersonate them, change their password, create new users, make configuration changes, and access other functions or services available to the user.
- Affected Versions: Puppet Enterprise 2.x, 3.0.0
- Resolved in Puppet Enterprise 3.0.1.
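
To confirm the fix after upgrading, the Set-Cookie headers returned by the console can be checked for the Secure attribute. The following Python check is an added example, not part of the original advisory or of Puppet's code; the function names are hypothetical and the sample header values are constructed for illustration.

```python
SESSION_COOKIE = "puppet_enterprise_console"  # cookie name from the advisory


def parse_set_cookie(header_value):
    """Split one Set-Cookie value into (name, value, attributes).

    Attribute names are lower-cased because they are matched
    case-insensitively; flag attributes such as Secure map to True.
    """
    parts = [p.strip() for p in header_value.split(";")]
    # The first segment is always name=value, so a cookie *value* that
    # happens to contain the word "secure" is never mistaken for the flag.
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        if not part:
            continue
        key, sep, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if sep else True
    return name.strip(), value.strip(), attrs


def audit_cookies(set_cookie_headers, session_cookie=SESSION_COOKIE):
    """Return one finding per session cookie issued without Secure."""
    findings = []
    for raw in set_cookie_headers:
        name, _value, attrs = parse_set_cookie(raw)
        if name == session_cookie and "secure" not in attrs:
            findings.append(f"{name}: missing Secure attribute")
    return findings


# Constructed sample header values (not captured from a real console).
SAMPLE_VULNERABLE = [
    "puppet_enterprise_console=secureabc123; path=/; HttpOnly",
    "locale=en; Path=/",
]
SAMPLE_FIXED = [
    "puppet_enterprise_console=abc123; path=/; HttpOnly; SECURE",
]

if __name__ == "__main__":
    for label, headers in (("before", SAMPLE_VULNERABLE), ("after", SAMPLE_FIXED)):
        print(label, audit_cookies(headers) or "ok")
```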