Cleartext Agent-to-Agent RPC Communication Vulnerability in HashiCorp Consul

CVE-2018-19653 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

HashiCorp Consul 0.5.1 through 1.4.0 can use cleartext agent-to-agent RPC communication because the verify_outgoing setting is improperly documented. NOTE: the vendor has provided reconfiguration steps that do not require a software upgrade.

Learn more about our Web Application Penetration Testing UK.