Puppet Server Naive Signing Scanner

You can scan Puppet server to see whether naive signing is enabled by using this tool.

Short Info

Level

Low

Type

Single Scan

Can be used by

Asset Owner

Estimated Time

15 sec

Scan only one

Domain, Ipv4

Parent Category

Puppet Server Naive Signing Scanner Detail

Detects if naive signing is enabled on a Puppet server. This enables attackers to create any Certificate Signing Request and have it signed, allowing them to impersonate as a puppet agent. This can leak the configuration of the agents as well as any other sensitive information found in the configuration files.

This script makes use of the Puppet HTTP API interface to sign the request.

This script has been Tested on versions 3.8.5, 4.10.

References:

https://docs.puppet.com/puppet/4.10/ssl_autosign.html#security-implications-of-nave-autosigning

cyber security services for everyone one. Free security tools, continuous vulnerability scanning and many more.

Try it yourself,
control security posture

Get free usage

Learn More About Product