CVE-2012-3698

Apple Xcode before 4.4 does not properly compose a designated requirement DR during signing of programs that lack bundle identifiers, which allows remote attackers to read keychain entries via a crafted app, as demonstrated by the keychain entries of a 1 helper tool or 2 command-line tool...

Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability

Mac OS X is prone to a security bypass vulnerability. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability

This host is installed with Mac OS X and is prone to the security bypass vulnerability. OpenVAS Vulnerability Test $Id: secpodmacosxkeychainimplsecbypassvuln.nasl 7044 2017-09-01 11:50:59Z teissa $ Apple Mac OS X Keychain Certificate Settings Security Bypass Vulnerability Authors: Antu Sanadi...

CVE-2011-3422

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated b...

Design/Logic Flaw

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated b...

CVE-2011-3422

CVE-2011-3422 affects Apple Mac OS X (Keychain) where the certificate trust handling for untrusted CA attributes could allow MITM-style spoofing of EV SSL certificates, as evidenced by the description for OS X 10.6.8 and earlier and demonstrated via Safari HTTPS. Connected sources (OpenVAS entrie...

CVE-2011-3422

The Keychain implementation in Apple Mac OS X 10.6.8 and earlier does not properly handle an untrusted attribute of a Certification Authority certificate, which makes it easier for man-in-the-middle attackers to spoof arbitrary SSL servers via an Extended Validation certificate, as demonstrated b...

Apple Mac OS X Keychain证书设置安全限制绕过漏洞

BUGTRAQ ID: 49429 Mac OS X是苹果麦金塔Macintosh电脑之操作系统软件的总称。 Mac OS X在Keychain证书的设置上存在安全限制绕过漏洞，远程攻击者可利用此漏洞通过中间人攻击绕过Keychain安全设置。 即使用户已经把Keychain Access中的根CA信任设置标注为“Never Trust”，Mac OS X操作系统也会接受Extended Validation证书为有效。 Apple Mac OS X 10.6.x Apple MacOS X Server 10.6.x 厂商补丁： Apple -----...

How to Recover iPhone Passwords in Six Minutes

Smartphone security has jumped to the top of the list of concerns for many IT security staffs and one of the main reasons for that is the epidemic of lost and stolen smartphones. Many of those devices have only minimal password protection, and now researchers in Germany have devised a new techniq...

Mandriva Update for keychain MDVA-2010:235 (keychain)

Check for the Version of keychain OpenVAS Vulnerability Test Mandriva Update for keychain MDVA-2010:235 keychain Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

Mandriva Update for keychain MDVA-2010:235 (keychain)

Check for the Version of keychain OpenVAS Vulnerability Test Mandriva Update for keychain MDVA-2010:235 keychain Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...

MDVA-2010:235 : keychain

Due to a bug in the keychain package the '--noask' option wasn't always used, this caused the Qt4 ssh-askpass dialogue to get loaded before a window manager was fully-started, preventing the user from entering the passphrase as the dialogue never gets focus without a window manager running. This...

CVE-2010-0525

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...

Information disclosure

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...

CVE-2010-0525

Mail in Apple Mac OS X before 10.6.3 does not properly enforce the key usage extension during processing of a keychain that specifies multiple certificates for an e-mail recipient, which might make it easier for remote attackers to obtain sensitive information via a brute-force attack on a weakly...

MDVA-2009:062 : bash

Bash as shipped with Mandriva Linux 2009.0 was executing keychain for new users even if the application was not installed. This updated package prevents this from happening. %NASLMINLEVEL 70300 @DEPRECATED@ This script has been deprecated as the associated patch is not currently a security fix...

CVE-2007-5862

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...

Authentication flaw

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...

CVE-2007-5862

Java in Mac OS X 10.4 through 10.4.11 allows remote attackers to bypass Keychain access controls and add or delete arbitrary Keychain items via a crafted Java applet...

CVE-2007-5862

The CVE-2007-5862 issue affects Mac OS X 10.4.x (up to 10.4.11) and Java for Mac OS X 10.4 Release 6. A crafted Java applet could bypass Keychain access controls and add or delete arbitrary Keychain items, enabling remote privilege escalation. The problem stems from improper verification of user ...