Lucene search

[email protected]CVE-2008-3611

HistorySep 16, 2008 - 11:00 p.m.

CVE-2008-3611

2008-09-1623:00:01

CWE-287

[email protected]

web.nvd.nist.gov

apple

mac os x

10.4.11

authentication bypass

cve-2008-3611

nvd

security vulnerability

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user’s password by later entering an acceptable new password on the same login screen.

Affected configurations

NVD

Node

applemac_os_xMatch10.4.11

applemac_os_x_serverMatch10.4.11

CPENameOperatorVersion
apple:mac_os_xapple mac os xeq10.4.11
apple:mac_os_x_serverapple mac os x servereq10.4.11

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	eq	10.4.11
apple:mac_os_x_server	apple mac os x server	eq	10.4.11

References

lists.apple.com/archives/security-announce//2008/Sep/msg00005.html

secunia.com/advisories/31882

securitytracker.com/id?1020878

www.securityfocus.com/bid/31189

www.us-cert.gov/cas/techalerts/TA08-260A.html

www.vupen.com/english/advisories/2008/2584

exchange.xforce.ibmcloud.com/vulnerabilities/45171

6.3 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:C/A:C

6.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

67.9%

JSON

Related for CVE-2008-3611

cvelist1 nvd1 prion1 nessus2 openvas2