CVE Vulnerability

CVE-2008-3611

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

6.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 3.4 / Impact : 9.2

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

Scope

References
Link Resource
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189 Patch
http://secunia.com/advisories/31882 Vendor Advisory
http://www.us-cert.gov/cas/techalerts/TA08-260A.html US Government Resource
http://www.vupen.com/english/advisories/2008/2584 Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
Configurations

Configuration 1

cpe:2.3:o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.4.11:*:*:*:*:*:*:*
Information

Published : 2008-09-16 11:00

Updated : 2017-08-08 01:32

NVD link : CVE-2008-3611

Mitre link : CVE-2008-3611

Products Affected
No products.
CWE
CWE-287