11 matches found
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
EUVD-2025-208272
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
erase-install 安全漏洞
erase-install is a macOS system reinstallation and upgrade script developed by Graham Pugh. Versions of erase-install prior to v40.4 contained security vulnerabilities; these vulnerabilities stemmed from the practice of writing credential outputs into hardcoded paths, which could allow unverified...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
PT-2026-22927
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
erase-install prior to v40.4 commit 2c31239 writes swiftDialog credential output to a hardcoded path /var/tmp/dialog.json. This allows an unauthenticated attacker to intercept admin credentials entered during reinstall/erase operations via creating a named pipe...
CVE-2025-70342
CVE-2025-70342: erase-install prior to v40.4 (commit 2c31239) writes swiftDialog credential output to a hardcoded path (/var/tmp/dialog.json), enabling an unauthenticated attacker to intercept admin credentials during reinstall/erase operations by creating a named pipe. This document provides the...
Exploit for CVE-2025-70342
CVE-2025-70342: Credential Interception via Named Pipe in eras...