CVE-2008-1005: Infoleak
First published: Wed Mar 19 2008(Updated: )
WebCore, as used in Apple Safari before 3.1, does not properly mask the password field when reverse conversion is used with the Kotoeri input method, which allows physically proximate attackers to read the password.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Safari | =1.3.2 | |
| Safari | =3.0.4 | |
| Safari | =2.0.2 | |
| Safari | =3.0.1 | |
| Safari | =3.0.2 | |
| Safari | =1.0 | |
| Safari | =1.3 | |
| Safari | =3.0.3 | |
| Safari | =2.0 | |
| Safari | =0.8 | |
| Safari | =2.0.4 | |
| Safari | =1.1 | |
| Safari | =1.3.1 | |
| Safari | =1.2 | |
| Safari | =3.0 | |
| Safari | =0.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce/2008/Mar/msg00000.html
- http://docs.info.apple.com/article.html?artnum=307563
- http://www.securitytracker.com/id?1019656
- http://www.securityfocus.com/bid/28326
- http://www.us-cert.gov/cas/techalerts/TA08-079A.html
- http://www.securityfocus.com/bid/28290
- http://secunia.com/advisories/29393
- http://www.vupen.com/english/advisories/2008/0920/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41329
Frequently Asked Questions
What is the severity of CVE-2008-1005?
CVE-2008-1005 has a medium severity rating as it allows local attackers to read passwords.
How do I fix CVE-2008-1005?
To fix CVE-2008-1005, users should upgrade to a fixed version of Apple Safari that patches this vulnerability.
Which versions of Safari are affected by CVE-2008-1005?
CVE-2008-1005 affects multiple versions of Apple Safari, specifically those prior to version 3.1.
Who can exploit CVE-2008-1005?
CVE-2008-1005 can be exploited by physically proximate attackers who can access the victim's machine.
What are the implications of CVE-2008-1005?
The implications of CVE-2008-1005 include the potential for unauthorized password disclosure, compromising user security.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/safari
- version/safari/1.3.2
- version/safari/3.0.4
- version/safari/2.0.2
- version/safari/3.0.1
- version/safari/3.0.2
- version/safari/1.0
- version/safari/1.3
- version/safari/3.0.3
- version/safari/2.0
- version/safari/0.8
- version/safari/2.0.4
- version/safari/1.1
- version/safari/1.3.1
- version/safari/1.2
- version/safari/3.0
- version/safari/0.9