CVE-2005-2520
First published: Fri Aug 19 2005(Updated: )
The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS and macOS | =10.4.1 | |
| Apple iOS and macOS | =10.4 | |
| Apple iOS and macOS | =10.4.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2005-2520?
CVE-2005-2520 is considered a moderate severity vulnerability due to potential password exposure.
How do I fix CVE-2005-2520?
To fix CVE-2005-2520, upgrade to a later version of Mac OS X that addresses this vulnerability.
What versions of Mac OS X are affected by CVE-2005-2520?
CVE-2005-2520 affects Mac OS X versions 10.4, 10.4.1, and 10.4.2.
What is the impact of CVE-2005-2520?
The impact of CVE-2005-2520 allows attackers to view recently used passwords through the password assistant.
Can CVE-2005-2520 be exploited remotely?
CVE-2005-2520 requires local access to exploit, as it involves the local password assistant interface.
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- vendor/apple
- product/mac os x
- canonical/apple mac os x
- agent/software-canonical-lookup-request
- collector/nvd-index
- canonical/apple ios and macos
- version/apple ios and macos/10.4.1
- version/apple ios and macos/10.4
- version/apple ios and macos/10.4.2