2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
6 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
53.3%
Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does not properly clear memory for login (aka Loginwindow.app), Keychain, or FileVault passwords, which could allow the root user or an attacker with physical access to obtain sensitive information by reading memory.
CPE | Name | Operator | Version |
---|---|---|---|
apple:mac_os_x | apple mac os x | eq | 10.3.4 |
apple:mac_os_x | apple mac os x | eq | 10.4 |
apple:mac_os_x | apple mac os x | eq | 10.5 |