Lucene search
HistoryDec 31, 2002 - 5:00 a.m.
CVE-2002-2326
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.004
Percentile
72.9%
The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 and 10.1 through 10.1.5 sends iDisk authentication credentials in cleartext when connecting to Mac.com, which could allow remote attackers to obtain passwords by sniffing network traffic.
Affected configurations
Node
applemac_os_xMatch10.0
ORapplemac_os_xMatch10.0.1
ORapplemac_os_xMatch10.0.2
ORapplemac_os_xMatch10.0.3
ORapplemac_os_xMatch10.0.4
ORapplemac_os_xMatch10.1
ORapplemac_os_xMatch10.1.1
ORapplemac_os_xMatch10.1.2
ORapplemac_os_xMatch10.1.3
ORapplemac_os_xMatch10.1.4
ORapplemac_os_xMatch10.1.5
| Vendor | Product | Version | CPE |
|---|---|---|---|
| apple | mac_os_x | 10.0 | cpe:2.3:o:apple:mac_os_x:10.0:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.0.1 | cpe:2.3:o:apple:mac_os_x:10.0.1:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.0.2 | cpe:2.3:o:apple:mac_os_x:10.0.2:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.0.3 | cpe:2.3:o:apple:mac_os_x:10.0.3:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.0.4 | cpe:2.3:o:apple:mac_os_x:10.0.4:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.1 | cpe:2.3:o:apple:mac_os_x:10.1:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.1.1 | cpe:2.3:o:apple:mac_os_x:10.1.1:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.1.2 | cpe:2.3:o:apple:mac_os_x:10.1.2:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.1.3 | cpe:2.3:o:apple:mac_os_x:10.1.3:*:*:*:*:*:*:* |
| apple | mac_os_x | 10.1.4 | cpe:2.3:o:apple:mac_os_x:10.1.4:*:*:*:*:*:*:* |
CVSS2
5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
AI Score
6.9
Confidence
Low
EPSS
0.004
Percentile
72.9%
Related for NVD:CVE-2002-2326