CVE-2017-2488
First published: Tue Feb 21 2017(Updated: )
A cryptographic weakness existed in the authentication protocol of Remote Desktop. This issue was addressed by implementing the Secure Remote Password authentication protocol. This issue is fixed in Apple Remote Desktop 3.9. An attacker may be able to capture cleartext passwords.
Credit: CVE-2017-2488 product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Remote Desktop | <3.9 | 3.9 |
| Apple Remote Desktop | <3.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT207622 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2017-2488?
CVE-2017-2488 is rated as a medium severity vulnerability due to its impact on password security.
How do I fix CVE-2017-2488?
To fix CVE-2017-2488, you should update to Apple Remote Desktop version 3.9 or later.
What type of vulnerability is CVE-2017-2488?
CVE-2017-2488 is a cryptographic vulnerability in the authentication protocol used by Remote Desktop.
Which versions of Apple Remote Desktop are affected by CVE-2017-2488?
Apple Remote Desktop versions prior to 3.9 are affected by CVE-2017-2488.
What kind of attack can be performed due to CVE-2017-2488?
An attacker exploiting CVE-2017-2488 may be able to capture cleartext passwords during the authentication process.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/event
- agent/description
- agent/trending
- agent/source
- agent/tags
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/apple
- canonical/apple remote desktop