Lucene search

K
cve[email protected]CVE-2009-2201
HistorySep 15, 2009 - 10:30 p.m.

CVE-2009-2201

2009-09-1522:30:00
CWE-310
web.nvd.nist.gov
22
cve-2009-2201
apple xsan
screensharing
credentials
cleartext
security vulnerability

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.

Affected configurations

NVD
Node
applexsanRange≀2.1.1
OR
applexsanMatch1.0
OR
applexsanMatch1.2
OR
applexsanMatch1.3

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.7%

Related for CVE-2009-2201