CVE-2008-3611

Опубликовано: 16 сент. 2008

Источник: nvd

CVSS2: 6.3

EPSS Низкий

Описание

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

Ссылки

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://secunia.com/advisories/31882
Vendor Advisory
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189
Patch
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
US Government Resource
http://www.vupen.com/english/advisories/2008/2584
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://secunia.com/advisories/31882
Vendor Advisory
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189
Patch
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
US Government Resource
http://www.vupen.com/english/advisories/2008/2584
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45171

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*

EPSS

Процентиль: 17%

0.00055

Низкий

6.3 Medium

CVSS2

Дефекты

CWE-287

Связанные уязвимости

GHSA-hrpf-8q8g-5rwf

github

почти 4 года назад