CVE-2013-4962 in Puppet
Tóm tắt
Bởi MITRE
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended workstation, or other vectors.
If you want to get the best quality for vulnerability data then you always have to consider VulDB.