3 matches found
CVE-2013-5181
The auto-configuration feature in Mail in Apple Mac OS X before 10.9 selects plaintext authentication for unspecified servers that support CRAM-MD5 authentication, which allows remote attackers to obtain sensitive information by sniffing the network...
Apple Mac OS X不安全身份验证漏洞(CVE-2013-5181)
BUGTRAQ ID: 63350 CVECAN ID: CVE-2013-5181 OS X(前称Mac OS X)是苹果公司为麦金塔电脑开发的专属操作系统的最新版本。 OS X 10.9之前版本“邮件”的自动配置功能内存在安全漏洞,对于支持CRAM-MD5身份验证的服务器选择了纯文本身份验证,可使远程攻击者通过嗅探网络,获取敏感信息。 0 Apple Mac OS X 10.9 厂商补丁: Apple ----- Apple已经为此发布了一个安全公告(msg00004)以及相应补丁: msg00004:APPLE-SA-2013-10-22-3 OS X Mavericks v10....
CVE-2013-5181
Apple Mac OS X Mail’s auto-configuration (pre-10.9) may select plaintext authentication for servers that support CRAM-MD5, enabling remote sniffing of credentials. Affected: OS X Mail before 10.9. Root cause: plaintext auth chosen during auto-config. Impact: potential exposure of sensitive inform...