Design/Logic Flaw

2009-09-1522:30:00

PRIOn knowledge base

www.prio-n.com

6.5 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

23.8%

JSON

The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.

CPENameOperatorVersion
xsaneq1.2
xsaneq1.3
xsanle2.1.1
xsaneq1.0

Name	Operator	Version
xsan	eq	1.2
xsan	eq	1.3
xsan	le	2.1.1
xsan	eq	1.0

References

lists.apple.com/archives/security-announce/2009/Sep/msg00005.html

osvdb.org/58133

secunia.com/advisories/36673

support.apple.com/kb/HT3797

www.securityfocus.com/bid/36385

www.securitytracker.com/id?1022904

www.vupen.com/english/advisories/2009/2644

exchange.xforce.ibmcloud.com/vulnerabilities/53232