PT-2017-6817 · Foreman · Foreman
Dominic Cleal +1 · Published 2017-07-14 · Updated 2023-02-13 · CVE-2015-5152
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Foreman versions 1.1 through 1.9.0-RC1
Description
When the require_ssl setting is set to true, Foreman does not redirect HTTP requests to HTTPS, which allows remote attackers to obtain user credentials via a man-in-the-middle attack.
Recommendations
For versions 1.1 through 1.9.0-RC1, ensure the require_ssl setting is properly configured and consider additional measures to enforce HTTPS connections, such as configuring the server to redirect all HTTP requests to HTTPS.
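One way to verify the redirect recommended above, as an added example that is not part of the original advisory or of Foreman's code: it fetches a page over plain HTTP without following redirects and reports whether the response stays on HTTP or issues a cookie in cleartext. The hostname `foreman.example.com`, the cookie name and the function names are assumptions, and the sample responses are constructed.

```python
import http.client
from urllib.parse import urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

def assess_plain_http(status, headers, host):
    """Return findings for one response received over plain HTTP.

    headers is a list of (name, value) pairs; host is the requested hostname.
    An empty list means the request was redirected to HTTPS on the same host.
    """
    hdrs = {}
    for name, value in headers:
        hdrs.setdefault(name.lower(), []).append(value)
    findings = []
    location = hdrs.get("location", [""])[0]
    target = urlsplit(location)
    if status not in REDIRECT_CODES:
        findings.append(f"status {status}: content served over HTTP, no redirect")
    elif target.scheme != "https":
        # Also catches relative Location values, which stay on HTTP.
        findings.append(f"redirect target is not HTTPS: {location!r}")
    elif (target.hostname or "").lower() != host.lower():
        findings.append(f"redirect leaves the requested host: {target.hostname!r}")
    # A cookie issued over plaintext is readable by the same on-path observer.
    for cookie in hdrs.get("set-cookie", []):
        attrs = [a.strip().lower() for a in cookie.split(";")[1:]]
        if "secure" not in attrs:
            findings.append(f"cookie without Secure set over HTTP: {cookie.split('=')[0]}")
    return findings

def check_host(host, path="/", port=80, timeout=5):
    """Fetch path over plain HTTP (redirects are not followed) and assess it."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return assess_plain_http(resp.status, resp.getheaders(), host)
    finally:
        conn.close()

# Constructed sample responses (not captured from a real Foreman host).
SAMPLE_NO_REDIRECT = (200, [("Content-Type", "text/html"),
                            ("Set-Cookie", "_session_id=abc123; path=/; HttpOnly")])
SAMPLE_REDIRECTED = (301, [("Location", "https://foreman.example.com/")])
```

Run `check_host()` against your own Foreman hostname after changing the setting or the web server configuration; an empty list means plain HTTP requests are being sent on to HTTPS.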
Fix
Information Disclosure
Weakness Enumeration
Related Identifiers
Affected Products
Foreman