github.com/hashicorp/consul is vulnerable to man-in-the-middle. The agent-to-agent RPC communication does not verify the hostname of outgoing connections which results in an insecure plaintext communications channel. This allows an attacker to perform a man-in-the-middle attack against vulnerable clients or servers.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/hashicorp/consul | eq | HEAD | |
github.com/hashicorp/consul | le | 1.4.0 |