|
|
CVE Reference: CVE-2008-3611 |
|
| NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE. | |
|
Original Page at CVE MITRE: CVE-2008-3611 |
|
|
Description: Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen. |
|
|
CVE Status: Candidate |
|
|
References: XF http://xforce.iss.net/xforce/xfdb/45171 ST 1020878 SAID Secunia Advisory: SA31882 CERT http://www.us-cert.gov/cas/techalerts/TA08-260A.html BID 31189 APPLE http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html |
|
| Return to the previous page. |
