CVE-2008-3611
First published: Tue Sep 16 2008(Updated: )
Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Mac OS X Server | =10.4.11 | |
| macOS Yosemite | =10.4.11 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
- http://securitytracker.com/id?1020878
- http://www.securityfocus.com/bid/31189
- http://secunia.com/advisories/31882
- http://www.us-cert.gov/cas/techalerts/TA08-260A.html
- http://www.vupen.com/english/advisories/2008/2584
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/remedy
- agent/references
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/softwarecombine
- vendor/apple
- canonical/apple mac os x server
- version/apple mac os x server/10.4.11
- canonical/macos yosemite
- version/macos yosemite/10.4.11