First published: Tue Sep 15 2009(Updated: )
The screensharing feature in the Admin application in Apple Xsan before 2.2 places a cleartext username and password in a URL within an error dialog, which allows physically proximate attackers to obtain credentials by reading this dialog.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Xsan | =1.2 | |
Apple Xsan | =1.3 | |
Apple Xsan | <=2.1.1 | |
Apple Xsan | =1.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2009-2201 has a medium severity rating due to the exposure of sensitive credentials.
To address CVE-2009-2201, users should upgrade to Apple Xsan version 2.2 or later.
CVE-2009-2201 exploits the screensharing feature by exposing cleartext usernames and passwords in error dialogs.
CVE-2009-2201 affects users of Apple Xsan versions up to and including 2.1.1.
CVE-2009-2201 requires physical proximity to exploit, as it involves reading error dialogs displaying credentials.