Title: Puppet lib/puppet/network/authstore.rb Certname IP Address Remote Agent Spoofing Weakness
Jul 10, 2012
Jun 26, 2012
Puppet contains a flaw that is triggered by lib/puppet/network/authstore.rb supporting the use of IP addresses in certnames. This may allow a remote attacker to gain access to previously used IP addresses and spoof a remote agent.