CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-3611

Login Window in Apple Mac OS X 10.4.11 does not clear the current password when a user makes a password-change attempt that is denied by policy, which allows opportunistic, physically proximate attackers to bypass authentication and change this user's password by later entering an acceptable new password on the same login screen.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.8%

CVSS Severity

CVSS v2 Score 6.3

References

http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://secunia.com/advisories/31882
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/45171
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html
http://secunia.com/advisories/31882
http://securitytracker.com/id?1020878
http://www.securityfocus.com/bid/31189
http://www.us-cert.gov/cas/techalerts/TA08-260A.html
http://www.vupen.com/english/advisories/2008/2584
https://exchange.xforce.ibmcloud.com/vulnerabilities/45171

Products affected by CVE-2008-3611

Apple » Mac Os X » Version: 10.4.11

cpe:2.3:o:apple:mac_os_x:10.4.11
Apple » Mac Os X Server » Version: 10.4.11

cpe:2.3:o:apple:mac_os_x_server:10.4.11

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-3611

Products

Pricing

Contact Us