CVE Reference: CVE-2013-1028

NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2013-1028

Description:
The IPSec implementation in Apple Mac OS X before 10.8.5, when Hybrid Auth is used, does not verify X.509 certificates from security gateways, which allows man-in-the-middle attackers to spoof security gateways and obtain sensitive information via a crafted certificate.

CVE Status:
Candidate

References:

SAID
  Secunia Advisory: SA54886

CONFIRM
  http://support.apple.com/kb/HT5934
  http://support.apple.com/kb/HT5880

APPLE
  http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
  http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html


Return to the previous page.