ID CVE-2005-2520
Summary The password assistant in Mac OS X 10.4 to 10.4.2, when used to create multiple accounts from the same process, does not reset the suggested password list when the assistant is displayed, which allows attackers to view recently used passwords.
References
Vulnerable Configurations
  • Apple Mac OS X 10.4
    cpe:2.3:o:apple:mac_os_x:10.4
  • Apple Mac OS X 10.4.1
    cpe:2.3:o:apple:mac_os_x:10.4.1
  • Apple Mac OS X 10.4.2
    cpe:2.3:o:apple:mac_os_x:10.4.2
CVSS
Base: 2.1 (as of 19-08-2005 - 10:28)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
nessus via4
NASL family MacOS X Local Security Checks
NASL id MACOSX_SECUPD2005-007.NASL
description The remote host is running a version of Mac OS X 10.4 or 10.3 that does not have Security Update 2005-007 applied. This security update contains fixes for the following products : - Apache 2 - AppKit - Bluetooth - CoreFoundation - CUPS - Directory Services - HItoolbox - Kerberos - loginwindow - Mail - MySQL - OpenSSL - QuartzComposerScreenSaver - ping - Safari - SecurityInterface - servermgrd - servermgr_ipfilter - SquirelMail - traceroute - WebKit - WebLog Server - X11 - zlib
last seen 2019-02-21
modified 2018-07-14
plugin id 19463
published 2005-08-18
reporter Tenable
source https://www.tenable.com/plugins/index.php?view=single&id=19463
title Mac OS X Multiple Vulnerabilities (Security Update 2005-007)
refmap via4
apple
  • APPLE-SA-2005-08-15
  • APPLE-SA-2005-08-17
sectrack 1014707
Last major update 05-09-2008 - 16:51
Published 19-08-2005 - 00:00
Back to Top