Описание
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.
Ссылки
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Patch
- PatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 2.1.1 (включая)
Одно из
cpe:2.3:a:apple:xsan:*:*:*:*:*:*:*:*
cpe:2.3:a:apple:xsan:1.0:*:*:*:*:*:*:*
cpe:2.3:a:apple:xsan:1.2:*:*:*:*:*:*:*
cpe:2.3:a:apple:xsan:1.3:*:*:*:*:*:*:*
EPSS
Процентиль: 24%
0.00082
Низкий
2.1 Low
CVSS2
Дефекты
CWE-310
Связанные уязвимости
github
почти 4 года назад
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.
EPSS
Процентиль: 24%
0.00082
Низкий
2.1 Low
CVSS2
Дефекты
CWE-310