Design/Logic Flaw
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated b...
CVE-2011-3422
CVE-2011-3422 affects Apple Mac OS X (Keychain) where the certificate trust handling for untrusted CA attributes could allow MITM-style spoofing of EV SSL certificates, as evidenced by the description for OS X 10.6.8 and earlier and demonstrated via Safari HTTPS. Connected sources (OpenVAS entrie...
CVE-2011-3422
The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated b...
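Apple Mac OS X Keychain Certificate Settings Security Restriction Bypass Vulnerability
BUGTRAQ ID: 49429 Mac OS X is the general name for the operating system software of Apple Macintosh computers. Mac OS X has a security restriction bypass vulnerability in its Keychain certificate settings; a remote attacker can exploit this vulnerability to bypass Keychain security settings via a man-in-the-middle attack. Even if the user has marked the root CA trust setting in Keychain Access as "Never Trust", the Mac OS X operating system will still accept an Extended Validation certificate as valid. Apple Mac OS X 10.6.x Apple MacOS X Server 10.6.x Vendor patch: Apple -----...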
How to Recover iPhone Passwords in Six Minutes
Smartphone security has jumped to the top of the list of concerns for many IT security staffs and one of the main reasons for that is the epidemic of lost and stolen smartphones. Many of those devices have only minimal password protection, and now researchers in Germany have devised a new techniq...
Mandriva Update for keychain MDVA-2010:235 (keychain)
Check for the Version of keychain OpenVAS Vulnerability Test Mandriva Update for keychain MDVA-2010:235 keychain Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
MDVA-2010:235 : keychain
Due to a bug in the keychain package the '--noask' option wasn't always used, this caused the Qt4 ssh-askpass dialogue to get loaded before a window manager was fully-started, preventing the user from entering the passphrase as the dialogue never gets focus without a window manager running. This...
CVE-2010-0525
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...
Information disclosure
Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...
MDVA-2009:062 : bash
Bash as shipped with Mandriva Linux 2009.0 was executing keychain for new users even if the application was not installed. This updated package prevents this from happening. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix...
CVE-2007-5862
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...
Authentication flaw
Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...
CVE-2007-5862
The CVE-2007-5862 issue affects Mac OS X 10.4.x (up to 10.4.11) and Java for Mac OS X 10.4 Release 6. A crafted Java applet could bypass Keychain access controls and add or delete arbitrary Keychain items, enabling remote privilege escalation. The problem stems from improper verification of user ...
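Apple Mac OS X Keychain Security Bypass Vulnerability
BUGTRAQ ID: 26877 CVE ID:CVE-2007-5862 CNCVE ID:CNCVE-20075862 Apple Mac OS X is a commercial BSD-based operating system. Apple Mac OS X does not correctly validate user trust information when performing certain operations; a remote attacker can exploit the vulnerability to carry out security bypass attacks, such as modifying other user accounts. The Keychain elevated-access check can be bypassed: a specially crafted Java applet can add or delete items in the user's keychain without prompting the user in any way. This may lead to attacks such as modifying other user accounts. Apple Mac OS X Server 10.4.11 Apple Mac OS X...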
Mac OS X : Java for Mac OS X 10.4 Release 6
The remote Mac OS X 10.4 host is running a version of Java for Mac OS X that is older than release 6. The remote version of this software contains several security vulnerabilities that may allow a rogue Java applet to escalate its privileges and to add or remove arbitrary items from the user's...
Multiple Security Vulnerabilities in Apple Mac OS X Versions Before v10.4.11
BUGTRAQ ID: 26444 CVECAN ID:...
Default configuration
The default configuration of Safari in Apple Mac OS X 10.4 through 10.4.10 adds a private key to the keychain with permissions that allow other applications to access the key without warning the user, which might allow other applications to bypass intended access restrictions...