2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.9 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
32.2%
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
docs.info.apple.com/article.html?artnum=307563
lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
secunia.com/advisories/29393
www.securityfocus.com/bid/28290
www.securityfocus.com/bid/28326
www.securitytracker.com/id?1019656
www.us-cert.gov/cas/techalerts/TA08-079A.html
www.vupen.com/english/advisories/2008/0920/references
exchange.xforce.ibmcloud.com/vulnerabilities/41329