Mac OS X Server Workgroup Manager NetInfo Parent Account Password Encryption Weakness

2006-09-27T16:18:57
ID OSVDB:29276
Type osvdb
Reporter Chris Pepper
Modified 2006-09-27T16:18:57

Description

Vulnerability Description

Mac OS X Server contains a flaw that may lead an administrator to believe he changed the authentication type from crypt to ShadowHash passwords when the change did not actually happen. The issue is triggered when Workgroup Manager indicates through its interface that the change is possible, though it is not. As a result, administrators may be using a different authentication type than they intend, resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Apple has released a patch to address this vulnerability.

References:

Vendor Specific News/Changelog Entry: http://docs.info.apple.com/article.html?artnum=304460
Security Tracker: 1016958
Secunia Advisory ID: 22187
Related OSVDB ID: 29268
Related OSVDB ID: 29273
Related OSVDB ID: 29270
Related OSVDB ID: 29269
Related OSVDB ID: 29267
Related OSVDB ID: 29271
Related OSVDB ID: 29272
Related OSVDB ID: 29274
Related OSVDB ID: 29275
ISS X-Force ID: 29302
FrSIRT Advisory: ADV-2006-3852
CVE-2006-4399
CERT VU: 827468
CERT: TA06-275A
Bugtraq ID: 20271