First published: Mon Sep 25 2017
An issue was discovered in certain Apple products. macOS before 10.13 is affected. The issue involves the "Captive Network Assistant" component. It allows remote attackers to discover cleartext passwords in opportunistic circumstances by sniffing the network during use of the captive portal browser, which has a UI error that can lead to cleartext transmission without the user's awareness.
Credit: product-security@apple.com; Matthew Green, Johns Hopkins University
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Mac OS X | <=10.12.6 | |
Apple macOS High Sierra | <10.13 | 10.13 |
The vulnerability ID of this issue is CVE-2017-7143.
The severity of CVE-2017-7143 is medium with a severity value of 5.5.
macOS High Sierra version 10.13 is not affected by this vulnerability.
Remote attackers can discover cleartext passwords by sniffing the network during use of the captive portal browser.
Apple has provided a fix for this vulnerability. Please refer to the references for more information.